Overview

overview

10

Static

static

3

98ce261773...84.exe

windows7-x64

10

98ce261773...84.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-10-2023 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98ce2617736d98ead85881e39816ec9745b66c874c3b76ed8e84952839432f84.exe

  • Size

    3.9MB

  • MD5

    d967948bd5c7ce06294efbb62a7d0eb4

  • SHA1

    82a98715d1bbf834bcf9f94adadf86d17c2ac410

  • SHA256

    98ce2617736d98ead85881e39816ec9745b66c874c3b76ed8e84952839432f84

  • SHA512

    91287cd752a271aa57bc5c3913e64cf41d23f655a2524b4b1d57bf176acc5b08e0402363359065cd35de63b939903a54969bfa5590f74f6e6e6bb5fc7111e0f8

  • SSDEEP

    49152:T1fScVOBk4woL1GucqSDksBOFcTI+EYAAgs2HI5jO8NeFB7daOYKM:xfJVOBk4wCGASDBO+EQgtcIP

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 31 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98ce2617736d98ead85881e39816ec9745b66c874c3b76ed8e84952839432f84.exe
    "C:\Users\Admin\AppData\Local\Temp\98ce2617736d98ead85881e39816ec9745b66c874c3b76ed8e84952839432f84.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Lm3569.dll
    Filesize

    109KB

    MD5

    aff289b05070a41980c4f76447fb3ea1

    SHA1

    5740990a555639ccc9002d1f71825d2508d9c10e

    SHA256

    757bfccbf0a50cada6289bbf77cdce9bb7bcc3d91140aeedc37799933dbfa87d

    SHA512

    0b3d60943f0713ce32e4623988868baf0b268982a9a3445932c7b9aa41b7ecc94ede9059ed764e18e7f9e44135c7a22a2278d3f6b4fe0d60fc7b67463e5dce84

    Download Submit

  • C:\Lm3569.dll
    Filesize

    109KB

    MD5

    aff289b05070a41980c4f76447fb3ea1

    SHA1

    5740990a555639ccc9002d1f71825d2508d9c10e

    SHA256

    757bfccbf0a50cada6289bbf77cdce9bb7bcc3d91140aeedc37799933dbfa87d

    SHA512

    0b3d60943f0713ce32e4623988868baf0b268982a9a3445932c7b9aa41b7ecc94ede9059ed764e18e7f9e44135c7a22a2278d3f6b4fe0d60fc7b67463e5dce84

    Download Submit

  • memory/4196-25-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-9-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-27-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-7-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-31-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-11-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-13-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-15-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-17-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-19-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-21-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-33-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-0-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-29-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-5-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-3-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-23-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-35-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-37-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-39-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-41-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-43-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-2-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-1-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-51-0x0000000002DF0000-0x000000000306D000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4196-52-0x0000000002DF0000-0x000000000306D000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4196-53-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4196-54-0x0000000002DF0000-0x000000000306D000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4196-57-0x0000000002DF0000-0x000000000306D000-memory.dmp

    Filesize

    2.5MB

    Download