Overview

overview

10

Static

static

10

c7d490ed15...06.exe

windows7-x64

10

c7d490ed15...06.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07-10-2023 05:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7d490ed15a9e8059b5eef7d487fd46f8f9e04922b235b43b9508c63f165e906.exe

  • Size

    4.3MB

  • MD5

    b43033548b043b2fa3f5fbb6e2931966

  • SHA1

    1841f9ed8cc3af7d9b431b8f136a2297780b01c3

  • SHA256

    c7d490ed15a9e8059b5eef7d487fd46f8f9e04922b235b43b9508c63f165e906

  • SHA512

    0e43d7455b48d7230f2f18804e5c265c84d3e363ef6c641040a9f3c9723cd9953bb75f6f48f90d037ff238919a0e4f835806757ea94e3a4e5fd45c0d5a739796

  • SSDEEP

    98304:xiSKMbPs4ZcvDXGsUgG1/Q/g+ZmiPDC+kAE:LGDZHFg+ZTrnkJ

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7d490ed15a9e8059b5eef7d487fd46f8f9e04922b235b43b9508c63f165e906.exe
    "C:\Users\Admin\AppData\Local\Temp\c7d490ed15a9e8059b5eef7d487fd46f8f9e04922b235b43b9508c63f165e906.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Manatee2022\Config\manatee.cfg
    Filesize

    111B

    MD5

    750d1e62d281091d5120890a82eb2542

    SHA1

    159dbe6b56d8f9fd6457d4c3f4d5bdcd58078c28

    SHA256

    e478f0b3c195f14daaf4982550f0d68ca64f12588ee993c9d1644effc095233e

    SHA512

    100497c5d8d05fdff91a905f6836597131f4b3bda303f6e63b7ab894b9a5da1a77320357ce8fb56237ca6f966fc60153df2a3ab7ed0924ec3f15ff8b580daa5e

    Download Submit

  • memory/1764-0-0x0000000010000000-0x000000001001A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1764-1-0x0000000075CF0000-0x0000000075E00000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1764-3-0x0000000000890000-0x00000000008E9000-memory.dmp

    Filesize

    356KB

    Download

  • memory/1764-4-0x0000000002BB0000-0x0000000002C64000-memory.dmp

    Filesize

    720KB

    Download

  • memory/1764-2-0x0000000002AA0000-0x0000000002BB0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1764-14-0x0000000002300000-0x0000000002301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1764-15-0x0000000000940000-0x0000000000941000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1764-19-0x0000000010000000-0x000000001001A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1764-20-0x0000000075CF0000-0x0000000075E00000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1764-21-0x0000000002BB0000-0x0000000002C64000-memory.dmp

    Filesize

    720KB

    Download

  • memory/1764-22-0x0000000000C20000-0x0000000000C21000-memory.dmp

    Filesize

    4KB

    Download