Overview

overview

10

Static

static

10

DKCat 7.7.exe

windows7-x64

10

DKCat 7.7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-07-2023 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DKCat 7.7.exe

  • Size

    17.4MB

  • MD5

    e0a0b8edf30dcdfee7590ced1dd6e8b5

  • SHA1

    f4ce8e489cbbff3f625d3976404c16a24ead8c4c

  • SHA256

    93d97957ce5113fbda9dfdb10646e790df4b15f79ef5ff748131e48010f1c52a

  • SHA512

    a077695fa283625f7a76f235b3a06cd630b635a4f62529415de741def39dbd61f7804ebb4251f4841ab149d98014675a56979a3b05d6459a2aac9b670216d1ca

  • SSDEEP

    393216:Bo8bw8WlwxsQiasvvLNOmYg3r3d51AyzmkiF1XZETT:K8bwVwqhasvvLNfpbN5aYgvpUT

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 9 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DKCat 7.7.exe
    "C:\Users\Admin\AppData\Local\Temp\DKCat 7.7.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2664-134-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2664-133-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2664-136-0x0000000000400000-0x00000000015C5000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/2664-137-0x0000000000400000-0x00000000015C5000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/2664-138-0x00000000039E0000-0x0000000003A06000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2664-139-0x0000000003A10000-0x0000000003A34000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2664-140-0x0000000000400000-0x00000000015C5000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/2664-141-0x0000000000400000-0x00000000015C5000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/2664-142-0x0000000000400000-0x00000000015C5000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/2664-143-0x0000000000400000-0x00000000015C5000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/2664-144-0x0000000003A10000-0x0000000003A34000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2664-145-0x00000000039E0000-0x0000000003A06000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2664-146-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2664-147-0x0000000000400000-0x00000000015C5000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/2664-148-0x00000000039E0000-0x0000000003A06000-memory.dmp

    Filesize

    152KB

    Download