blackmoon | c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
Size

185KB
MD5

fe2cebee0dfbae482f46e693bbc451bf
SHA1

2a8e6e73706ef94b52681c5ae156504daa629589
SHA256

c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a
SHA512

4d52dcb5b93650457570cfa72bf5a0a1bd9752cb1b813269e4132b2303d91b3519158859fb327d7f0f332d1f96eb9062f3e297a2abceb7b736aaa31453744b6e
SSDEEP

3072:FlyCWX6fkKuRR6gLKVBIERq7cbo32DgjUikZBJOtO1XI3pmAqFueZcKP+VGrtfra:PBdktvObRqlWg2BJdwwAqFueZc2+gxtM

Score

10^/10

blackmoon banker trojan upx

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 3 IoCs

resource	yara_rule
behavioral2/memory/2804-13-0x0000000000400000-0x0000000000491000-memory.dmp	family_blackmoon
behavioral2/memory/2804-37-0x0000000010000000-0x0000000010055000-memory.dmp	family_blackmoon
behavioral2/memory/2804-38-0x0000000000400000-0x0000000000491000-memory.dmp	family_blackmoon

Downloads MZ/PE file

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\hYnZmAzZ.dll	c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
File opened for modification	C:\Windows\System32\drivers\hYnZmAzZ.dll	c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
File created	C:\Windows\SysWOW64\drivers\aSkUzJgR	c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
File opened for modification	C:\Windows\SysWOW64\drivers\aSkUzJgR	c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
File created	C:\Windows\System32\drivers\rgF43rgF	c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
File opened for modification	C:\Windows\System32\drivers\rgF43rgF	c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
File created	C:\Windows\System32\drivers\sDA38sDA	c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
File opened for modification	C:\Windows\System32\drivers\sDA38sDA	c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2804-0-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral2/memory/2804-2-0x0000000002240000-0x0000000002267000-memory.dmp	upx
behavioral2/memory/2804-11-0x0000000010000000-0x0000000010055000-memory.dmp	upx
behavioral2/memory/2804-13-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral2/memory/2804-28-0x0000000002240000-0x0000000002267000-memory.dmp	upx
behavioral2/memory/2804-37-0x0000000010000000-0x0000000010055000-memory.dmp	upx
behavioral2/memory/2804-38-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral2/memory/2804-58-0x0000000002F20000-0x0000000002F21000-memory.dmp	upx

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

C:\Users\Admin\AppData\Local\Temp\c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe
"C:\Users\Admin\AppData\Local\Temp\c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a.exe"
1⤵
- Drops file in Drivers directory
PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\drivers\sDA38sDA

Filesize
44KB

MD5
f8884a2874a0abe17a0bde15549ea4be

SHA1
f28ab00af36d4c5e19db1c891db9c4e24492c316

SHA256
46903b9e202d31a99221ec63d453b2a5a61d474d2dc94fcf85a88b56e2435a49

SHA512
cf15b839ceed22d4b31cec1a7e458498833780b7971951999212da5ff879f27cbc434680542685e8622d1f42615bb955632895db16a8d63e7c28e1765936e5b7

Download Submit
memory/2804-24-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-19-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-11-0x0000000010000000-0x0000000010055000-memory.dmp

Filesize
340KB

Download
memory/2804-12-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-14-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-13-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2804-28-0x0000000002240000-0x0000000002267000-memory.dmp

Filesize
156KB

Download
memory/2804-27-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-26-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-25-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2804-23-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-22-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-21-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-20-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-37-0x0000000010000000-0x0000000010055000-memory.dmp

Filesize
340KB

Download
memory/2804-18-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-17-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-16-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-15-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-29-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-2-0x0000000002240000-0x0000000002267000-memory.dmp

Filesize
156KB

Download
memory/2804-7-0x0000000077632000-0x0000000077633000-memory.dmp

Filesize
4KB

Download
memory/2804-36-0x0000000077632000-0x0000000077633000-memory.dmp

Filesize
4KB

Download
memory/2804-54-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-40-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-41-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-43-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-42-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-44-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-45-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-46-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-47-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-48-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-49-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-50-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-51-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-52-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-38-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2804-53-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-55-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-56-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-58-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-57-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-59-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2804-60-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download