Overview

overview

10

Static

static

3

cb85e2e646...fc.exe

windows7-x64

10

cb85e2e646...fc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2023, 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb85e2e646f182f9ee1f1465aef6d31c2e53d0fd5ba43a31119ec1fe802e6cfc.exe

  • Size

    3.4MB

  • MD5

    bb909942e40f03885dcfb532fd46b345

  • SHA1

    60ecd4629e8c6d55d74fe3ac3c7a0be888cdb3bb

  • SHA256

    cb85e2e646f182f9ee1f1465aef6d31c2e53d0fd5ba43a31119ec1fe802e6cfc

  • SHA512

    7a626abafb5e509e35de24461746125a5a8eaad2ef943f3b63b16b70707f426d8416b8e5d8978e5baf51fb276e6db576c78149e7121cdf2c8e1238755c5c8bdb

  • SSDEEP

    98304:o3yEMCSpHX0QstYMi2kGI7UrCpoGj6c7gn82Ywt:VEM/pQtYX2kDQWow68uYwt

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb85e2e646f182f9ee1f1465aef6d31c2e53d0fd5ba43a31119ec1fe802e6cfc.exe
    "C:\Users\Admin\AppData\Local\Temp\cb85e2e646f182f9ee1f1465aef6d31c2e53d0fd5ba43a31119ec1fe802e6cfc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\speedhack-i386.dll
    Filesize

    177KB

    MD5

    f581898b2ff51c2ccca11993b693c628

    SHA1

    f3477f50a088579c7d132e7846848b4196b4f488

    SHA256

    4f612169a241a06e8a910fe2ecad6190e0958da0128d29b335064e68611aa26f

    SHA512

    08bb46a2cbcf8afd4222f57cc92cf10defb2639e850b7043cb3ccf5f67546567069004e31205ae9f8c52fe9816a3c6963b96b946121fc500c89925246de43294

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\speedhack-i386.dll
    Filesize

    177KB

    MD5

    f581898b2ff51c2ccca11993b693c628

    SHA1

    f3477f50a088579c7d132e7846848b4196b4f488

    SHA256

    4f612169a241a06e8a910fe2ecad6190e0958da0128d29b335064e68611aa26f

    SHA512

    08bb46a2cbcf8afd4222f57cc92cf10defb2639e850b7043cb3ccf5f67546567069004e31205ae9f8c52fe9816a3c6963b96b946121fc500c89925246de43294

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\speedhack-i386.dll
    Filesize

    177KB

    MD5

    f581898b2ff51c2ccca11993b693c628

    SHA1

    f3477f50a088579c7d132e7846848b4196b4f488

    SHA256

    4f612169a241a06e8a910fe2ecad6190e0958da0128d29b335064e68611aa26f

    SHA512

    08bb46a2cbcf8afd4222f57cc92cf10defb2639e850b7043cb3ccf5f67546567069004e31205ae9f8c52fe9816a3c6963b96b946121fc500c89925246de43294

    Download Submit

  • memory/1936-13082-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1936-5884-0x0000000076460000-0x00000000764DA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1936-13070-0x0000000000400000-0x000000000089C000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1936-13071-0x0000000000400000-0x000000000089C000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1936-13072-0x0000000000400000-0x000000000089C000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1936-13074-0x0000000000400000-0x000000000089C000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1936-13075-0x0000000000400000-0x000000000089C000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1936-13076-0x00000000038F0000-0x00000000039AB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/1936-13079-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1936-0-0x0000000000400000-0x000000000089C000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1936-13084-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1936-13069-0x0000000000400000-0x000000000089C000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1936-3875-0x00000000758E0000-0x0000000075A80000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1936-13088-0x0000000004210000-0x0000000004242000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1936-1-0x0000000077350000-0x0000000077565000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1936-13091-0x0000000077570000-0x0000000077660000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1936-13092-0x0000000077570000-0x0000000077660000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1936-13093-0x0000000000400000-0x000000000089C000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1936-13095-0x00000000038F0000-0x00000000039AB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/1936-13096-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1936-13097-0x0000000077570000-0x0000000077660000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1936-13098-0x0000000077570000-0x0000000077660000-memory.dmp

    Filesize

    960KB

    Download