General

  • Target

    iQ3.exe

  • Size

    12.1MB

  • Sample

    240519-137z5ach5s

  • MD5

    471b3fd7a64252013bc26a4c6139583f

  • SHA1

    99b15cd8fda0272cc83567522ea7cff446a76ae9

  • SHA256

    d53c0a8e0297da596435e5026179af97b63182a19d6ec9bab7a7f197b30bbade

  • SHA512

    f412b7115d3235c532ae3943c5ec0ac903d868dfee2e017127942b51799cb9ad38b7a0d1e5a0b6bfccf4cf3227f4c773cd5618c6b175fc66704cbcc5ef7f1801

  • SSDEEP

    196608:xZr6oAzu2g1DqWSAeMkLDcBt53aX31GKtzYq3HyT/grVyuw4V:zrDAzMDqW2dmuX31hhXyT/Sx

Malware Config

Targets

    • Target

      iQ3.exe

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

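The "Writes to the Master Boot Record (MBR)" signature above is a behavioural hit from the sandbox; on a suspect host the corresponding check is to read the first sector of the boot disk and compare it with a trusted copy. The following is an added example (not code from the report or from the sample's analysis) that parses a 512-byte MBR, validates the 0x55AA signature, and reports whether the boot code, the partition table, or the signature differ from a baseline. The sample sectors are constructed inline; a real check would read the first 512 bytes of `\\.\PhysicalDrive0` (Windows) or `/dev/sda` (Linux) instead.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445: bootstrap code, the region a bootkit overwrites
PARTITION_TABLE_OFFSET = 446    # four 16-byte partition entries follow the boot code
PARTITION_ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510          # 0x55 0xAA terminates a valid MBR
BOOT_SIGNATURE = 0xAA55         # little-endian value of those two bytes
# status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) lba_start(4) sectors(4)
PARTITION_ENTRY_FMT = "<B3xB3xII"


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples.

    Only used here to construct sample sectors for the example.
    """
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code exceeds 446 bytes")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        struct.pack_into(PARTITION_ENTRY_FMT, sector, off, status, ptype, lba_start, sectors)
    struct.pack_into("<H", sector, SIGNATURE_OFFSET, BOOT_SIGNATURE)
    return bytes(sector)


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw sector into a boot-code hash, the four partition entries and the signature."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, ptype, lba_start, sectors = struct.unpack_from(PARTITION_ENTRY_FMT, mbr, off)
        partitions.append({"status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
        "signature": struct.unpack_from("<H", mbr, SIGNATURE_OFFSET)[0],
    }


def check_mbr(baseline: bytes, current: bytes) -> list:
    """Compare the current sector against a trusted baseline and return a list of findings."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if cur["signature"] != BOOT_SIGNATURE:
        findings.append("signature_invalid")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot_code_modified")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition_table_modified")
    # Changed boot code with an intact partition table is the pattern to expect from a
    # bootkit that hooks the boot path and then chains to the original code it stashed.
    return findings


# Constructed sample sectors (not taken from the analysed file).
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32   # xor ax,ax; mov ss,ax; ...
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 204800)])
# Simulated bootkit write: first 16 bytes of boot code replaced, partition table untouched.
TAMPERED_MBR = b"\xeb\x0e" + b"\xcc" * 14 + CLEAN_MBR[16:]

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, CLEAN_MBR))
    print("tampered:", check_mbr(CLEAN_MBR, TAMPERED_MBR))
```

The baseline should come from a known-good image of the same machine (or the vendor's original MBR) rather than from the host under investigation; a bootkit that is already resident can serve a clean sector back to user-mode reads, so an offline read of the disk is more reliable than one taken from the running system.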
MITRE ATT&CK Enterprise v15

Tasks