Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-05-2024 04:31
General
-
Target
c266dec6ebbce08b6ff7559ebe28aa33ab899dc8a14293df9799a447774c652a.exe
-
Size
206KB
-
MD5
4d6cea034f9f3ae19b314603f13559cc
-
SHA1
5d9a5cd9ecc286921e7c3f1445b6cac4b863a867
-
SHA256
c266dec6ebbce08b6ff7559ebe28aa33ab899dc8a14293df9799a447774c652a
-
SHA512
117cb6fc577a0ef694b9dae6d3fdd711f492bda33d57767d96fb67b4023c9b1127a6d07fc364fef0e28fef8c4b0589cc18f826da733f3d36d56a06409d661034
-
SSDEEP
6144:8kVdGWKY9gc2clig+thbdmHDUBDPGH6m:8kVIWKqlrDUBi
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 4 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c266dec6ebbce08b6ff7559ebe28aa33ab899dc8a14293df9799a447774c652a.exe"C:\Users\Admin\AppData\Local\Temp\c266dec6ebbce08b6ff7559ebe28aa33ab899dc8a14293df9799a447774c652a.exe"1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2876-0-0x0000000000400000-0x000000000048F000-memory.dmpFilesize
572KB
-
memory/2876-1-0x0000000000400000-0x000000000048F000-memory.dmpFilesize
572KB
-
memory/2876-2-0x0000000000400000-0x000000000048F000-memory.dmpFilesize
572KB
-
memory/2876-3-0x0000000001FD0000-0x0000000002043000-memory.dmpFilesize
460KB
-
memory/2876-4-0x0000000001FD0000-0x0000000002043000-memory.dmpFilesize
460KB
-
memory/2876-5-0x0000000001FD0000-0x0000000002043000-memory.dmpFilesize
460KB
-
memory/2876-6-0x0000000000400000-0x000000000048F000-memory.dmpFilesize
572KB
-
memory/2876-8-0x0000000001FD0000-0x0000000002043000-memory.dmpFilesize
460KB
-
memory/2876-7-0x0000000000400000-0x000000000048F000-memory.dmpFilesize
572KB