Overview

overview

10

Static

static

3

NEAS.d2867...20.exe

windows7-x64

10

NEAS.d2867...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    2s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 19:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.d2867a081b6a203e60c17529632c5220.exe

  • Size

    144KB

  • MD5

    d2867a081b6a203e60c17529632c5220

  • SHA1

    6b258f3ff99f04e8aa417da91cf68ed04ebe59d3

  • SHA256

    c6a76499f0bb680932d307a6bf3ded58f6331c6b1baec2a9e6dc971fbea873e6

  • SHA512

    ffb128a32ff43db0c10a9ad4fb0f12f126340391e8e955277f52999d35ba4e68ea64ced37891c86b7922c58821f7af40c44c3431d7425c55240517e1dfab9fc0

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gBEpBGQfzJjI:n3C9BRo7tvnJ9oEzpG

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d2867a081b6a203e60c17529632c5220.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.d2867a081b6a203e60c17529632c5220.exe"
    1⤵
      PID:1056
    • \??\c:\mkn5k5.exe
      c:\mkn5k5.exe
      1⤵
        PID:4496

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\mkn5k5.exe
              Filesize

              144KB

              MD5

              94710d13ed3c661f1474f85e7d430cf3

              SHA1

              828af98477a9e0314be09f26d8d009ee6d5e6b57

              SHA256

              a49d26ebe358b35d709d77174c07296602609a742e64d1330aa59e2c46f2f8f5

              SHA512

              a1957a79f48199d2aeb94262664de83b25e99484cce0b51cacc728b6d406c81e3e22ef91fca3abbafa66969992eff9b153ae6ce956860bf5934e06cdb08b21aa

              Download Submit

            • \??\c:\55iaq.exe
              Filesize

              144KB

              MD5

              b90a4f712f1ed1398b8e0491d800326f

              SHA1

              878eb8b14b5bdf51854937d74551cb0cdb577226

              SHA256

              ccd92e2e1d6c614613831b13ff02f89152427034238018372bb55e6c58dcf4d1

              SHA512

              48059a4fe2ed0abc252a64ce42b3b05d58a177fd0ca3ab0064235f2f1bb08d35fa81f98e86ebf2988665a96f263d6f501d70c5974c9418f50d8e5f172ff44a86

              Download Submit

            • \??\c:\mkn5k5.exe
              Filesize

              144KB

              MD5

              94710d13ed3c661f1474f85e7d430cf3

              SHA1

              828af98477a9e0314be09f26d8d009ee6d5e6b57

              SHA256

              a49d26ebe358b35d709d77174c07296602609a742e64d1330aa59e2c46f2f8f5

              SHA512

              a1957a79f48199d2aeb94262664de83b25e99484cce0b51cacc728b6d406c81e3e22ef91fca3abbafa66969992eff9b153ae6ce956860bf5934e06cdb08b21aa

              Download Submit

            • memory/1056-0-0x0000000000400000-0x0000000000429000-memory.dmp

              Filesize

              164KB

              Download

            • memory/1056-1-0x00000000005D0000-0x00000000005DC000-memory.dmp

              Filesize

              48KB

              Download

            • memory/1056-4-0x0000000000400000-0x0000000000429000-memory.dmp

              Filesize

              164KB

              Download

            • memory/4496-17-0x00000000004C0000-0x00000000004CC000-memory.dmp

              Filesize

              48KB

              Download