Overview

overview

10

Static

static

10

ae59145950...d3.exe

windows7-x64

10

ae59145950...d3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae59145950c4e7c389d63524c3f9499c33af838bcaca8a99c14e116f29cf9ad3.exe

  • Size

    4.3MB

  • MD5

    8192de709c1395aa22f9728942f5642b

  • SHA1

    4b93558f7e1ff8d5dd9a09c5cd6a314212dd797c

  • SHA256

    ae59145950c4e7c389d63524c3f9499c33af838bcaca8a99c14e116f29cf9ad3

  • SHA512

    979ce6fae6c9336f72cbdce1573bb08ecd7138d787e9a2ee7c613a107658e0fed4381b8c1bb4b108030934660facaaf245e291be18435411064d861aeb366e56

  • SSDEEP

    98304:5iSKMbPs4ZcvDXGsUgG1/Q/g+ZmiPDC+kAE:zGDZHFg+ZTrnkJ

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae59145950c4e7c389d63524c3f9499c33af838bcaca8a99c14e116f29cf9ad3.exe
    "C:\Users\Admin\AppData\Local\Temp\ae59145950c4e7c389d63524c3f9499c33af838bcaca8a99c14e116f29cf9ad3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Manatee2022\Config\manatee.cfg
    Filesize

    111B

    MD5

    750d1e62d281091d5120890a82eb2542

    SHA1

    159dbe6b56d8f9fd6457d4c3f4d5bdcd58078c28

    SHA256

    e478f0b3c195f14daaf4982550f0d68ca64f12588ee993c9d1644effc095233e

    SHA512

    100497c5d8d05fdff91a905f6836597131f4b3bda303f6e63b7ab894b9a5da1a77320357ce8fb56237ca6f966fc60153df2a3ab7ed0924ec3f15ff8b580daa5e

    Download Submit

  • memory/2484-0-0x0000000010000000-0x000000001001A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2484-1-0x0000000076A30000-0x0000000076B40000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2484-2-0x00000000029A0000-0x0000000002AB0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2484-3-0x0000000002750000-0x00000000027A9000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2484-4-0x0000000002AB0000-0x0000000002B64000-memory.dmp

    Filesize

    720KB

    Download

  • memory/2484-14-0x0000000002990000-0x0000000002991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2484-15-0x00000000027B0000-0x00000000027B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2484-19-0x0000000010000000-0x000000001001A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2484-20-0x0000000002AB0000-0x0000000002B64000-memory.dmp

    Filesize

    720KB

    Download

  • memory/2484-21-0x00000000027C0000-0x00000000027C1000-memory.dmp

    Filesize

    4KB

    Download