Overview

overview

10

Static

static

7

60afa1da09...01.exe

windows7-x64

10

60afa1da09...01.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60afa1da090d4ae091c03c92cae5e2f59753bd3236968bccc7998efd1f651901.exe

  • Size

    15.4MB

  • MD5

    6c383722ad1c17ca56ec68423b58164f

  • SHA1

    770a9217fd95d2fb5346f46d114ba9bf7dc75cb3

  • SHA256

    60afa1da090d4ae091c03c92cae5e2f59753bd3236968bccc7998efd1f651901

  • SHA512

    0e3f9afc8d9983816d56bb93cb1a03c024e83aa3ead68d6611867570bdd127d4c2ac2b8c00c1d29332004de15098dee4ea1cae7c6202cf2c17d595b419b4296e

  • SSDEEP

    393216:gPDPKFpGNvnodC5/3LhAvxvkKL0+8zFf32YJzW1aJ:YSFpGZR5/3LaVkoYh2YJW10

Score
10/10
blackmoonaspackv2bankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 8 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60afa1da090d4ae091c03c92cae5e2f59753bd3236968bccc7998efd1f651901.exe
    "C:\Users\Admin\AppData\Local\Temp\60afa1da090d4ae091c03c92cae5e2f59753bd3236968bccc7998efd1f651901.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\9SFÍò½çħÖ÷\3367460afa1da090d4ae091c03c92cae5e2f59753bd3236968bccc7998efd1f651901.exe
      C:\9SFÍò½çħÖ÷\3367460afa1da090d4ae091c03c92cae5e2f59753bd3236968bccc7998efd1f651901.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\9SFÍò½çħÖ÷\3367460afa1da090d4ae091c03c92cae5e2f59753bd3236968bccc7998efd1f651901.exe
    Filesize

    15.4MB

    MD5

    6c383722ad1c17ca56ec68423b58164f

    SHA1

    770a9217fd95d2fb5346f46d114ba9bf7dc75cb3

    SHA256

    60afa1da090d4ae091c03c92cae5e2f59753bd3236968bccc7998efd1f651901

    SHA512

    0e3f9afc8d9983816d56bb93cb1a03c024e83aa3ead68d6611867570bdd127d4c2ac2b8c00c1d29332004de15098dee4ea1cae7c6202cf2c17d595b419b4296e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\12dbfc28a8a34a98a84a0db77a8f2134.txt
    Filesize

    15B

    MD5

    bc39f4faa60ec6b3a3fc283a05984747

    SHA1

    c5c8d1faabdc13e1f7db6399d36ec9cf48ccd45a

    SHA256

    e7acdccd5bc382a74ea1b9a5da5a4b76cc268df250d27f29b5967c0dbbccc4ca

    SHA512

    100af08b64c2aa1b2021be03707a8d4e1f462a39b8b31da38c860f9d5e513f5ee43535b5425d2e2070ff2df52d61515166f58ce97b0ecb56aad4a8cc5e58b343

    Download Submit

  • memory/2548-19-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2548-49-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2548-20-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2548-18-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2684-7-0x0000000003C80000-0x0000000003C81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-0-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2684-8-0x0000000003A10000-0x0000000003A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-17-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2684-9-0x0000000003C90000-0x0000000003C91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-3-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2684-1-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2684-2-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download