Overview

overview

10

Static

static

3

90c3bf20ec...e7.exe

windows7-x64

10

90c3bf20ec...e7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21-05-2024 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90c3bf20ec8fb1bba1e59b3f2fff90d5f80fbffaaf611eabe31196b5445105e7.exe

  • Size

    12.0MB

  • MD5

    dfd602e0e91c26540727c7a481ecaf9c

  • SHA1

    40c2559af3a2637d4b6ddf5d3c8ecae4eb983ef7

  • SHA256

    90c3bf20ec8fb1bba1e59b3f2fff90d5f80fbffaaf611eabe31196b5445105e7

  • SHA512

    c9762bc5a7f9873374fc57b01b20dc4d26292199fa084986ef1aadefd0019f9bf600169cfa1e47f9750cd0ce4d2dda3cfee22fec3fb67254efdbdf94c3fb2a35

  • SSDEEP

    196608:10/mSNwPXEqFGgVyT2kU/k0fsvY0dHzQrWvE/AsbBmKKVRpVhaNNqvm:iOowPhGP2G0EA0dTRE/AscKCpaqvm

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 9 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90c3bf20ec8fb1bba1e59b3f2fff90d5f80fbffaaf611eabe31196b5445105e7.exe
    "C:\Users\Admin\AppData\Local\Temp\90c3bf20ec8fb1bba1e59b3f2fff90d5f80fbffaaf611eabe31196b5445105e7.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2796
    • C:\Òì¶ÈÖ®ÈÐmh\4270290c3bf20ec8fb1bba1e59b3f2fff90d5f80fbffaaf611eabe31196b5445105e7.exe
      C:\Òì¶ÈÖ®ÈÐmh\4270290c3bf20ec8fb1bba1e59b3f2fff90d5f80fbffaaf611eabe31196b5445105e7.exe
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2268

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1b9b5b832b9fd9e5034715fb9a408cb6.txt
    Filesize

    14B

    MD5

    d0516ec468684f862fa108a884e63d57

    SHA1

    834e1a05962a48fbc7813e6b980c5208d3c471f0

    SHA256

    6606af1157a10932f0bf3b947e7fb5c85c341acd666cf4f38c509688c6a3678e

    SHA512

    9b09bec786ea793fafa5726350db582a1d0574b0ed0ae2f1256a30bd580f2708e94ea0f2ca951446635e66e26f2cbb8073247bdfeeefa675d490f828fe06e7a6

    Download Submit
  • C:\Òì¶ÈÖ®ÈÐmh\4270290c3bf20ec8fb1bba1e59b3f2fff90d5f80fbffaaf611eabe31196b5445105e7.exe
    Filesize

    12.0MB

    MD5

    dfd602e0e91c26540727c7a481ecaf9c

    SHA1

    40c2559af3a2637d4b6ddf5d3c8ecae4eb983ef7

    SHA256

    90c3bf20ec8fb1bba1e59b3f2fff90d5f80fbffaaf611eabe31196b5445105e7

    SHA512

    c9762bc5a7f9873374fc57b01b20dc4d26292199fa084986ef1aadefd0019f9bf600169cfa1e47f9750cd0ce4d2dda3cfee22fec3fb67254efdbdf94c3fb2a35

    Download Submit
  • memory/2268-21-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2268-54-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2268-52-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2268-28-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2268-26-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2268-22-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2796-7-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2796-8-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2796-20-0x0000000006670000-0x0000000006C6A000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2796-19-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2796-18-0x0000000000230000-0x0000000000233000-memory.dmp
    Filesize

    12KB

    Download
  • memory/2796-9-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2796-0-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2796-6-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2796-5-0x00000000004FF000-0x0000000000500000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2796-1-0x0000000000230000-0x0000000000233000-memory.dmp
    Filesize

    12KB

    Download