Overview

overview

10

Static

static

10

90ba049615...67.exe

windows7-x64

10

90ba049615...67.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    22/11/2023, 15:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    90ba049615dc569d0264db01fb502c76f6537356e42b511a04ca498dbaeaec67.exe

  • Size

    3.8MB

  • MD5

    3dd2f583ac8391d995e3ce9e022bd657

  • SHA1

    5c944e9968095f3520cb1da8d9751b0ce679dc99

  • SHA256

    90ba049615dc569d0264db01fb502c76f6537356e42b511a04ca498dbaeaec67

  • SHA512

    4dc04dfe861852a59cf8ec122ed0b825d30df50a9c13e28a66e0d7806df99570560e8ea7ca7863af6d56bdf7a8dec73c3183901f8cf8eec710ca4027acf673c9

  • SSDEEP

    49152:yL2GTJggQ1HCJ1o/p4WsRFzWHlfDwKrQteBsY0r2H4qtkvkfx6tS:yL/TJggoKAp4nRFzWFDzKn2YqIkn

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90ba049615dc569d0264db01fb502c76f6537356e42b511a04ca498dbaeaec67.exe
    "C:\Users\Admin\AppData\Local\Temp\90ba049615dc569d0264db01fb502c76f6537356e42b511a04ca498dbaeaec67.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Users\Admin\AppData\Local\Temp\f763228.tmp
      C:\Users\Admin\AppData\Local\Temp\f763228.tmp
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3000

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\f763228.tmp
          Filesize

          3.2MB

          MD5

          cd0bcfb38261445a6acf3ab4d85bde50

          SHA1

          e938cd54d9c3b4fb52521f40c6ede9dc0e72588c

          SHA256

          af0d13a71d5828f7f4bfbe19f91b1dea7104ab64387a75ccad76f9b4507e0e3a

          SHA512

          3398d688e3a31c35bb23128063cb26c80982a2b9a3b3e741e8dc0c9517c83add45deecad97d625ecbdb846796e811b25eb66cf5c246810f0436847d75861211d

          Download Submit

        • \Users\Admin\AppData\Local\Temp\f763228.tmp
          Filesize

          3.2MB

          MD5

          cd0bcfb38261445a6acf3ab4d85bde50

          SHA1

          e938cd54d9c3b4fb52521f40c6ede9dc0e72588c

          SHA256

          af0d13a71d5828f7f4bfbe19f91b1dea7104ab64387a75ccad76f9b4507e0e3a

          SHA512

          3398d688e3a31c35bb23128063cb26c80982a2b9a3b3e741e8dc0c9517c83add45deecad97d625ecbdb846796e811b25eb66cf5c246810f0436847d75861211d

          Download Submit