Analysis

  • max time kernel
    148s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 12:25

General

  • Target

    28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe

  • Size

    357KB

  • MD5

    28b1d5a2a630ee3aadc78576c4c06010

  • SHA1

    76bf2bc0e5ecbd81d9bdda78df2420701bcf039c

  • SHA256

    84f9ab5a8e810fd027e7fe0d2e4004444b316a51d6f15951c5d17f0970068748

  • SHA512

    b7a0f0fd547948e8228e99a6910c9f8b75f9b5e3913de19741ddcb5892e3fa0a6f141965c251deb8d0a6de50d1fba27154a023deafe8c361d0e795a7b10bd825

  • SSDEEP

    6144:mvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7om:mvMQ5ibjnwka3pbRC19Gw/Nsom

Score
10/10

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\Systemzgchm.exe
      "C:\Users\Admin\AppData\Local\Temp\Systemzgchm.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2140

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fpath.ini
    Filesize

    85B

    MD5

    9a2e15a749720907053f3140197f0fd2

    SHA1

    f5867ca663347afeeffdb0c93c7afdf6f347a53c

    SHA256

    4e430aa94269a5ff8544190ed43230edd973f4239204e4b6f8e521930926ae87

    SHA512

    c5935ff15e2434e88371cde780f12aaaa458e27fd6f4aa1df4d67979c566a841c06190ebd800ef806cd376461693c789d1ff1d06e61301dc6decf02ca82097e8

  • \Users\Admin\AppData\Local\Temp\Systemzgchm.exe
    Filesize

    357KB

    MD5

    c95a8da42f0d35079e8c7dce05acbece

    SHA1

    45b04fb5b35f2645e84020c0b90dfebe617c00ac

    SHA256

    e0d5f4acaecb9b7c5798a0221a3b664b03c9c738c363a2daad1d82157a6171f9

    SHA512

    84d7b639e552bba3ad81da4d8f5dfd519b5c868c0b10380830d63eefd71698cfb7b3c799644e9e6f774644ee59ae63792eb7335901616d4034f198b20b20be57
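The process tree and the dropped-file hashes above are the two things a responder would actually turn into a detection: the sample and its dropped Systemzgchm.exe both live in the user's Temp directory, the first spawns the second, and the second is tagged "Deletes itself". The following is an added example, not part of the sandbox report, that replays that chain over a handful of constructed Sysmon-style ProcessCreate (EID 1) and FileDelete (EID 23) records rendered as flat key=value lines (an assumption for readability; real Sysmon output is XML with more fields and may contain spaces in paths). The SHA256 values are copied from the report; the PIDs match the report; the benign notepad.exe event and its hash are constructed. How PID 2140 performs the self-delete is not shown in the report, so the delete record simply targets its own image.

```python
"""Replay the Blackmoon/KrBanker behaviour chain from the report over constructed
Sysmon-style events. Added example; not code from the sandbox or the report."""
import re

# File-hash IoCs copied from the report: the submitted sample and the dropped EXE.
SAMPLE_SHA256 = "84f9ab5a8e810fd027e7fe0d2e4004444b316a51d6f15951c5d17f0970068748"
DROPPED_SHA256 = "e0d5f4acaecb9b7c5798a0221a3b664b03c9c738c363a2daad1d82157a6171f9"
IOC_SHA256 = {
    SAMPLE_SHA256: "28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe",
    DROPPED_SHA256: "Systemzgchm.exe",
}

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_IMAGE = TEMP + r"\28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe"
DROPPED_IMAGE = TEMP + r"\Systemzgchm.exe"

# Executable living directly in any user's %LOCALAPPDATA%\Temp (both stages do).
TEMP_EXE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.exe$", re.I)

# Constructed events (assumption: key=value rendering, no spaces inside values).
SAMPLE_EVENTS = [
    # Benign baseline: notepad started by some unrelated parent; hash is made up.
    rf"EventID=1 ProcessId=1800 ParentProcessId=1500 Image=C:\Windows\System32\notepad.exe Hashes=SHA256={'1' * 64}",
    # Stage 1: the submitted sample, PID 2044 in the report.
    rf"EventID=1 ProcessId=2044 ParentProcessId=1500 Image={SAMPLE_IMAGE} Hashes=SHA256={SAMPLE_SHA256}",
    # Stage 2: dropped Systemzgchm.exe, PID 2140, child of 2044.
    rf"EventID=1 ProcessId=2140 ParentProcessId=2044 Image={DROPPED_IMAGE} Hashes=SHA256={DROPPED_SHA256}",
    # "Deletes itself" on PID 2140, rendered as a FileDelete record.
    rf"EventID=23 ProcessId=2140 Image={DROPPED_IMAGE} TargetFilename={DROPPED_IMAGE}",
]

_KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn one key=value line into a dict (Hashes keeps its inner 'SHA256=...')."""
    return dict(_KV.findall(line))


def sha256_of(fields):
    """Extract the SHA256 digest from a Sysmon 'Hashes' field, if present."""
    for part in fields.get("Hashes", "").split(","):
        if part.upper().startswith("SHA256="):
            return part.split("=", 1)[1].lower()
    return None


def analyse(lines):
    """Collect hash hits, Temp->Temp spawn chains and Temp-exe deletions."""
    procs = {}  # pid -> (image, ppid), built as ProcessCreate events arrive
    findings = {"hash_hits": [], "temp_spawn_chains": [], "temp_exe_deletes": []}
    for e in map(parse, lines):
        eid = e.get("EventID")
        if eid == "1":
            image, ppid = e["Image"], e.get("ParentProcessId")
            procs[e["ProcessId"]] = (image, ppid)
            digest = sha256_of(e)
            if digest in IOC_SHA256:
                findings["hash_hits"].append((image, IOC_SHA256[digest]))
            parent = procs.get(ppid)
            if parent and TEMP_EXE.match(parent[0]) and TEMP_EXE.match(image):
                findings["temp_spawn_chains"].append((parent[0], image))
        elif eid == "23":
            image, target = e.get("Image", ""), e.get("TargetFilename", "")
            if TEMP_EXE.match(image) and TEMP_EXE.match(target):
                findings["temp_exe_deletes"].append((image, target))
    return findings


def verdict(findings):
    """Known-bad hash is conclusive; the behaviour chain alone is only suspicious."""
    if findings["hash_hits"]:
        return "malicious"
    if findings["temp_spawn_chains"] and findings["temp_exe_deletes"]:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    result = analyse(SAMPLE_EVENTS)
    for key, value in result.items():
        print(key, value)
    print("verdict:", verdict(result))
```

The two-tier verdict is deliberate: a hash match against the report's IoCs identifies this exact build, while the Temp-to-Temp spawn followed by deletion of a Temp executable is the part that survives a recompile of the sample, at the cost of needing review before it is treated as conclusive.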