General

  • Target

    ffc6f59282bd9f74a606023447d1fe10_NeikiAnalytics.exe

  • Size

    380KB

  • Sample

    240519-vw5njahe5s

  • MD5

    ffc6f59282bd9f74a606023447d1fe10

  • SHA1

    43c575deeb1b9ef3eebccc5f137e7ad41a44043a

  • SHA256

    7fb6311af5551e178515d8ec3127c90afa9c2deb5376ba0f8a30980d213719f1

  • SHA512

    9e7eb6825667e7ec8ee938ee8a85cb99a00522211f2f2aac5d6288acce90e9e1963e0f7d1ec3a9ed8be942d7e911576bbbd449f4f86174416d5a5f175989870b

  • SSDEEP

    6144:bzYwwTDaRFpzA0+NVweuGCE9G2+E7fXyEWTLgWq/taluBkdGwxXCe6Nq3FgD3ZEB:bzYwYDa3S0+NVweuGCk/4gWqgluBZw1D

Malware Config

Targets

    • Target

      ffc6f59282bd9f74a606023447d1fe10_NeikiAnalytics.exe

    • Size

      380KB

    • MD5

      ffc6f59282bd9f74a606023447d1fe10

    • SHA1

      43c575deeb1b9ef3eebccc5f137e7ad41a44043a

    • SHA256

      7fb6311af5551e178515d8ec3127c90afa9c2deb5376ba0f8a30980d213719f1

    • SHA512

      9e7eb6825667e7ec8ee938ee8a85cb99a00522211f2f2aac5d6288acce90e9e1963e0f7d1ec3a9ed8be942d7e911576bbbd449f4f86174416d5a5f175989870b

    • SSDEEP

      6144:bzYwwTDaRFpzA0+NVweuGCE9G2+E7fXyEWTLgWq/taluBkdGwxXCe6Nq3FgD3ZEB:bzYwYDa3S0+NVweuGCk/4gWqgluBZw1D

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Drops file in System32 directory
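The behavioural signatures listed above (location check, dropped EXE executed, dropped DLL loaded, self-deletion, file dropped in System32) are all correlations over the process, file and registry events a sandbox records. The block below is an added example of that correlation logic and is not code or data from this report or from the sandbox that produced it. The event records, PIDs and dropped-file paths are constructed for illustration; the on-disk path of the sample is assumed; and the registry value matched for the location check, Control Panel\International\Geo\Nation (the value GetUserGeoID reads), is an assumption about what the "Checks computer location settings" signature keys on.

```python
# Added example: replay a constructed sandbox event stream and raise the
# behavioural signatures from the report. Not the sandbox's own rule code.

# Assumed on-disk path of the sample (only the file name comes from the report).
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\ffc6f59282bd9f74a606023447d1fe10_NeikiAnalytics.exe")

# Assumed registry value behind the location check (what GetUserGeoID reads).
GEO_NATION_SUFFIX = "\\control panel\\international\\geo\\nation"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Constructed event stream (PIDs, dropped-file names and order are invented).
EVENTS = [
    {"type": "process_create", "pid": 1000, "ppid": 500, "image": SAMPLE_IMAGE},
    {"type": "reg_query", "pid": 1000,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Windows\System32\dropped.exe"},
    {"type": "file_write", "pid": 1000,
     "path": r"C:\Users\Admin\AppData\Local\Temp\dropped.dll"},
    # Unrelated process writing to System32 must not be attributed to the sample.
    {"type": "file_write", "pid": 300, "path": r"C:\Windows\System32\catroot2\edb.log"},
    {"type": "process_create", "pid": 1001, "ppid": 1000,
     "image": r"C:\Windows\System32\dropped.exe"},
    {"type": "image_load", "pid": 1001,
     "path": r"C:\Users\Admin\AppData\Local\Temp\dropped.dll"},
    {"type": "process_create", "pid": 1002, "ppid": 1000,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "file_delete", "pid": 1002, "path": SAMPLE_IMAGE},
]


def evaluate(events, sample_image):
    """Single ordered pass: track the sample's process tree and the files it
    wrote, then raise a signature only when the ordering supports it (a dropped
    file must be written before it is executed or loaded)."""
    sample = sample_image.lower()
    tree = set()      # PIDs of the sample and its descendants
    dropped = set()   # lower-cased paths written by the tree so far
    hits = set()
    for e in events:
        t = e["type"]
        if t == "process_create":
            image = e["image"].lower()
            if image == sample or e["ppid"] in tree:
                tree.add(e["pid"])
                if image in dropped:
                    hits.add("Executes dropped EXE")
            continue
        if e["pid"] not in tree:
            continue  # activity of unrelated processes is ignored
        if t == "file_write":
            path = e["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32_PREFIX):
                hits.add("Drops file in System32 directory")
        elif t == "image_load":
            path = e["path"].lower()
            if path in dropped and path.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif t == "reg_query":
            if e["key"].lower().endswith(GEO_NATION_SUFFIX):
                hits.add("Checks computer location settings")
        elif t == "file_delete":
            # Deletion via a child (cmd.exe) still counts: the child is in the tree.
            if e["path"].lower() == sample:
                hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for hit in sorted(evaluate(EVENTS, SAMPLE_IMAGE)):
        print(hit)
```

Attribution goes through the process tree rather than the PID alone, because the self-delete and often the dropped-EXE launch happen from a child such as cmd.exe; the unrelated System32 write in the stream is deliberately not flagged.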
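The "UPX packed file" signature covers both stock UPX and modified builds that rename the UPX0/UPX1 sections. The block below is an added example of how such a check is done statically, written for this page and not taken from the sandbox or from UPX itself: it parses the PE section table and looks for the UPX section names, the "UPX!" marker, and, for the modified case, the characteristic layout of an empty read-write-execute first section followed by a populated RWX second section. The three PE headers it runs on are constructed inline (no real code, and the "UPX!" marker is simply appended rather than placed where UPX writes it).

```python
# Added example, not part of the sandbox report: a static check for UPX-style
# packing, covering stock UPX (section names / "UPX!" marker) and a modified
# UPX build that renamed its sections but kept the UPX section layout.
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rawsize, _rawptr = struct.unpack_from("<IIII", data, off + 8)
        (chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append({"name": name, "vsize": vsize, "rawsize": rawsize, "chars": chars})
    return sections


def is_upx_packed(data: bytes) -> dict:
    """Return {"packed": bool, "reasons": [...]} for a PE image."""
    sections = parse_sections(data)
    reasons = []
    if any(s["name"].startswith(b"UPX") for s in sections):
        reasons.append("UPX section names")
    if b"UPX!" in data:
        reasons.append("UPX! marker")
    # Stock UPX layout: the first section (UPX0) is an empty RWX placeholder the
    # stub decompresses into; the second (UPX1) holds compressed data plus the
    # stub. A modified UPX that only renamed sections still shows this shape.
    if len(sections) >= 2:
        first, second = sections[0], sections[1]
        rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
        if (first["rawsize"] == 0 and first["vsize"] > 0
                and first["chars"] & rwx == rwx
                and second["chars"] & rwx == rwx and second["rawsize"] > 0):
            reasons.append("UPX-like section layout")
    return {"packed": bool(reasons), "reasons": reasons}


def build_pe(section_specs, trailer=b""):
    """Constructed test input: minimal PE32 header plus section table, no code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    opt = bytearray(224)                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic: PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, rawptr, chars in section_specs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + trailer


# Constructed headers: stock UPX, UPX with renamed sections, and an unpacked file.
UPX_SAMPLE = build_pe([
    (b"UPX0", 0x30000, 0x1000, 0, 0, 0xE0000080),
    (b"UPX1", 0x10000, 0x31000, 0x10000, 0x400, 0xE0000040),
    (b".rsrc", 0x1000, 0x41000, 0x1000, 0x10400, 0xC0000040),
], trailer=b"UPX!")
MODIFIED_UPX_SAMPLE = build_pe([
    (b".code0", 0x30000, 0x1000, 0, 0, 0xE0000080),
    (b".code1", 0x10000, 0x31000, 0x10000, 0x400, 0xE0000040),
    (b".rsrc", 0x1000, 0x41000, 0x1000, 0x10400, 0xC0000040),
])
PLAIN_SAMPLE = build_pe([
    (b".text", 0x2000, 0x1000, 0x2000, 0x400, 0x60000020),
    (b".data", 0x1000, 0x3000, 0x200, 0x2400, 0xC0000040),
])

if __name__ == "__main__":
    for label, blob in (("upx", UPX_SAMPLE), ("modified", MODIFIED_UPX_SAMPLE),
                        ("plain", PLAIN_SAMPLE)):
        print(label, is_upx_packed(blob))
```

The layout heuristic is what catches a renamed build; on real files pair it with an entropy check on the second section, since a stripped-name UPX variant can also zero the "UPX!" marker.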

MITRE ATT&CK Enterprise v15

Tasks