Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 21:36

General

  • Target

    41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe

  • Size

    355KB

  • MD5

    41c354f1ced98b4a8b39cb0af6482550

  • SHA1

    b1c731090a1467ad288c30c7af3182aea7fff832

  • SHA256

    e6558cbd6922a293e91c0b292ef58494affd161a1e8c61d220fd8d2554505668

  • SHA512

    231778cb6de65cbe23f83879d1b218699584d134ca8c7d40035fbf3bc3a764d0ad0d1d7ae17ca10fb5d3d9939f3047457fec50f78dd5fb1b3d7c76de4481415b

  • SSDEEP

    6144:/qvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7oi:/qvMQ5ibjnwka3pbRC19Gw/Nsoi

Score
10/10

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Users\Admin\AppData\Local\Temp\Systemozvet.exe
      "C:\Users\Admin\AppData\Local\Temp\Systemozvet.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2540

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fpath.ini
    Filesize

    85B

    MD5

    022640d2e08afc57d4f9f434e723f406

    SHA1

    6bcd959cd291fc5dec8e2f8a3448e8b01b1c8a5f

    SHA256

    757f0756e7d418c10c2213d57e740153ea7f4d1ea19db18353fc6d669569277f

    SHA512

    7d262b2b1bc2eeac231f355413a631dbfe53f8241a7b1008cf7c196e5c693642459b16ceed6bc62dd30c8928344b20f1f25b5eec373ab0f27fe59428dcbe2136

  • \Users\Admin\AppData\Local\Temp\Systemozvet.exe
    Filesize

    355KB

    MD5

    f779abfe64fe8744a0e5411d365c84de

    SHA1

    857221c631d2c9286b03155111decd89f5deddc8

    SHA256

    bfb81a1e137705caf8dc6e548cd77792c39a039ba46eda0a337f0b29fc882099

    SHA512

    abdf0682b316089fd9cba3af323210354dab4bd6e768b79b45c242a30141c7701d8ff99fd2eb10618739b20a0c9db5280ff9ee797ac55d92240256ae6ff5b4db