Overview

overview

10

Static

static

3

7f469f3fc3...28.exe

windows7-x64

10

7f469f3fc3...28.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    163s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 02:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7f469f3fc3e6e9613da741c9f341ac63b083acb8f62582c1a69f8798c5bc6828.exe

  • Size

    4.7MB

  • MD5

    e32e4b8c226d84e373d4ba15e6edc05c

  • SHA1

    01ff5e2c2705cf4a80c0eaf8ce86ee9f9e043a55

  • SHA256

    7f469f3fc3e6e9613da741c9f341ac63b083acb8f62582c1a69f8798c5bc6828

  • SHA512

    e87faeea593fa5da54534823f4fb57ec11ef90a4fbff7a347813e3fac77de2bf6fd261acdceeefffa712ac07bdd3b351ed09cbd3101a9f40ef08caead53d5038

  • SSDEEP

    98304:+YuDd2dk+8C2oWM2ovKHVdVXLbwAOlmXpVRM/0:+0Me3ziH/RoAwmX+0

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f469f3fc3e6e9613da741c9f341ac63b083acb8f62582c1a69f8798c5bc6828.exe
    "C:\Users\Admin\AppData\Local\Temp\7f469f3fc3e6e9613da741c9f341ac63b083acb8f62582c1a69f8798c5bc6828.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4476

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Gods.dll
          Filesize

          882KB

          MD5

          b758d88d628ac605de8ba6ac50d52736

          SHA1

          7b1d2820e451af1b23cca430c2e08ce7d07668bc

          SHA256

          dcddfb23a3960f115ddbed7f33fd19121be5da50641e8c4e5ae5b0d4fcf731c1

          SHA512

          121c2d027a740cace52ed658c6beb7be0b5de40c22cd2173690ad39cb33572adb30852ca51c186dc51f1d91e14b86a7aa651fa0017c25cd801d06e4cd6ba3c34

          Download Submit

        • memory/4476-4-0x0000000010000000-0x00000000117BC000-memory.dmp

          Filesize

          23.7MB

          Download

        • memory/4476-5-0x0000000010000000-0x00000000117BC000-memory.dmp

          Filesize

          23.7MB

          Download