Analysis

  • max time kernel
    133s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-10-2023 19:37

General

  • Target

    4cf34258777fbff3b6d2a36e9c801ec0_exe32.exe

  • Size

    135KB

  • MD5

    4cf34258777fbff3b6d2a36e9c801ec0

  • SHA1

    791ad3bce22d022d910641fc051e5d8ffb40224c

  • SHA256

    ef3618fbc19d8994c0022450e1487dfa5e730ced9fb0c2f9149e1d16ba71779c

  • SHA512

    befa34c85a09b47195ff403e588cfe22f2c6ac1c02db6d5f64626664d5d72f971e36cb30cb6d3f1a4ffcc90c3b0592aa24f2624990513962a8671427a5133f5e

  • SSDEEP

    1536:Md+zUtBIBU+2Da4lH4Iiue58o/ZDv4GMfcHZIlVKAn5ZAcXeOqbZ6Njk9:OqSe5OmiEoAcCbZ6I

Score
10/10

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cf34258777fbff3b6d2a36e9c801ec0_exe32.exe
    "C:\Users\Admin\AppData\Local\Temp\4cf34258777fbff3b6d2a36e9c801ec0_exe32.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4664
    • \??\c:\t43um1.exe
      c:\t43um1.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:4716

Network

MITRE ATT&CK Matrix

Downloads

  • C:\t43um1.exe

    Filesize

    135KB

    MD5

    e07fa886349ae6b8356a50f56c80ab5e

    SHA1

    bed2c327be6da92558852cc1b6096d19b867b486

    SHA256

    3d271e4140ebe2e350eabb607f0d3f8e7150af9248b99d3e891ee49d23916e86

    SHA512

    02c44be8ae5f371629b41572225dfa7529cabb1c4266bcfd985dd696aacde1ace858ddbb12b45fec82eedfd567fc14152c03bab9ab303359c7b803faff523da2

  • \??\c:\jl

    Filesize

    76B

    MD5

    a7dc062367cfd2cbd2a5c8510e83a20f

    SHA1

    c91c56d8849ac7df2f2c817341255d92d792ac01

    SHA256

    a6917b527e60ef773a2c8ad74f3f7e01b99a0d1fcf40cff6e93c529c0a420e90

    SHA512

    f11882e340557cdd0cd89194bd6cbb985a5aa78c3accb45534837415d1f595beb228ca74277799ca430417e27eca44974f15b4d105cd92541e854f1ff0c5f6e5

  • \??\c:\t43um1.exe

    Filesize

    135KB

    MD5

    e07fa886349ae6b8356a50f56c80ab5e

    SHA1

    bed2c327be6da92558852cc1b6096d19b867b486

    SHA256

    3d271e4140ebe2e350eabb607f0d3f8e7150af9248b99d3e891ee49d23916e86

    SHA512

    02c44be8ae5f371629b41572225dfa7529cabb1c4266bcfd985dd696aacde1ace858ddbb12b45fec82eedfd567fc14152c03bab9ab303359c7b803faff523da2