blackmoon | a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2023 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9_JC.exe
Size

4.5MB
MD5

ea3e3476e2a2faafa1d710c119cc65ba
SHA1

276a0a372da5ca69043f6bbab11bea822863149a
SHA256

a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9
SHA512

2da5bceea609c98e9a766039e72ffbd595958de6bc549b0c0b31f075836caeab31b256cdb5a40eb08f8771de4cb84706ae8aea67324d0415950aa1f020e2fe57
SSDEEP

49152:iuWYmjXcvDgYGERUAhZjNGlY+/bM/dPy+cT/8ks22ur9tpaGADCjSkAl2+XFCU4I:5kXcvDXGsUgG1/Q/g+ZmiPDC+kAEy4

Score

10^/10

blackmoon banker trojan

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 2 IoCs

resource	yara_rule
behavioral2/memory/4152-5-0x0000000002B40000-0x0000000002BF4000-memory.dmp	family_blackmoon
behavioral2/memory/4152-23-0x0000000002B40000-0x0000000002BF4000-memory.dmp	family_blackmoon

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4152	NEAS.a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9_JC.exe
4152	NEAS.a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9_JC.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4152	NEAS.a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9_JC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4152	NEAS.a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9_JC.exe
4152	NEAS.a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a199efa3f31d0ed5cb047423daf7be397bb8c320c05f1d962d7a50785c0244a9_JC.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Manatee2022\Config\manatee.cfg

Filesize
111B

MD5
750d1e62d281091d5120890a82eb2542

SHA1
159dbe6b56d8f9fd6457d4c3f4d5bdcd58078c28

SHA256
e478f0b3c195f14daaf4982550f0d68ca64f12588ee993c9d1644effc095233e

SHA512
100497c5d8d05fdff91a905f6836597131f4b3bda303f6e63b7ab894b9a5da1a77320357ce8fb56237ca6f966fc60153df2a3ab7ed0924ec3f15ff8b580daa5e

Download Submit
memory/4152-3-0x0000000002750000-0x00000000027A9000-memory.dmp

Filesize
356KB

Download
memory/4152-2-0x0000000002890000-0x0000000002980000-memory.dmp

Filesize
960KB

Download
memory/4152-0-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download
memory/4152-4-0x0000000075A30000-0x0000000075B20000-memory.dmp

Filesize
960KB

Download
memory/4152-5-0x0000000002B40000-0x0000000002BF4000-memory.dmp

Filesize
720KB

Download
memory/4152-1-0x0000000075A30000-0x0000000075B20000-memory.dmp

Filesize
960KB

Download
memory/4152-15-0x0000000003300000-0x0000000003301000-memory.dmp

Filesize
4KB

Download
memory/4152-16-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/4152-20-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download
memory/4152-21-0x0000000075A30000-0x0000000075B20000-memory.dmp

Filesize
960KB

Download
memory/4152-22-0x0000000075A30000-0x0000000075B20000-memory.dmp

Filesize
960KB

Download
memory/4152-23-0x0000000002B40000-0x0000000002BF4000-memory.dmp

Filesize
720KB

Download
memory/4152-24-0x00000000032D0000-0x00000000032D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads