Overview

overview

10

Static

static

3

26f4213caa...d7.exe

windows7-x64

10

26f4213caa...d7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26f4213caab3e93c2d50fccc6716df2fb4e0bed666c37e2ec8142d6c176ba7d7.exe

  • Size

    13.7MB

  • MD5

    f754de0303fc8630411914324e18e268

  • SHA1

    3320bcc2ca0cda7df4663023c4f8e327ef50ba0a

  • SHA256

    26f4213caab3e93c2d50fccc6716df2fb4e0bed666c37e2ec8142d6c176ba7d7

  • SHA512

    4e05a92304a0997cd3f69cd7f9dd35840ed5fadbd9314342ce4d5b6d838f6166d093fdeed6c433274f2cd234803a1354d4710bc8a16d4e05536671232d1d8538

  • SSDEEP

    393216:iO4kpD4W2odC5v3LhAvxrnQMrvqQaHfo8VEbE40Fmy5ST:14kpDf2R5v3LaVQayo8VEEDA

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26f4213caab3e93c2d50fccc6716df2fb4e0bed666c37e2ec8142d6c176ba7d7.exe
    "C:\Users\Admin\AppData\Local\Temp\26f4213caab3e93c2d50fccc6716df2fb4e0bed666c37e2ec8142d6c176ba7d7.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\9SFÔ­ÉñÊÀ½ç\3934026f4213caab3e93c2d50fccc6716df2fb4e0bed666c37e2ec8142d6c176ba7d7.exe
      C:\9SFÔ­ÉñÊÀ½ç\3934026f4213caab3e93c2d50fccc6716df2fb4e0bed666c37e2ec8142d6c176ba7d7.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4896

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\9SFÔ­ÉñÊÀ½ç\3934026f4213caab3e93c2d50fccc6716df2fb4e0bed666c37e2ec8142d6c176ba7d7.exe
    Filesize

    13.7MB

    MD5

    f754de0303fc8630411914324e18e268

    SHA1

    3320bcc2ca0cda7df4663023c4f8e327ef50ba0a

    SHA256

    26f4213caab3e93c2d50fccc6716df2fb4e0bed666c37e2ec8142d6c176ba7d7

    SHA512

    4e05a92304a0997cd3f69cd7f9dd35840ed5fadbd9314342ce4d5b6d838f6166d093fdeed6c433274f2cd234803a1354d4710bc8a16d4e05536671232d1d8538

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\ce4c9e1dbc907e4f4ae843367ca5a46e.txt
    Filesize

    15B

    MD5

    18c4ac2680305c3363812424f6e2ed39

    SHA1

    f332b41f5aaba3eb5061648d2ccfc768250b7a2f

    SHA256

    2f47ee82967feb1107747eb74e0a8937421974be0108ea03987c438cf963ee4f

    SHA512

    158d2383ca3cc34b4b3251201f5030b2dfd1c7244d89bd877d627dc4804e716e8ccc015febdf13e1f595ac8b0da5a2c3cbb18bf11c7bd40c8f388b17e4b70055

    Download Submit
  • memory/656-14-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/656-6-0x0000000003F60000-0x0000000003F61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/656-5-0x00000000040C0000-0x00000000040C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/656-7-0x00000000040D0000-0x00000000040D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/656-1-0x0000000000B20000-0x0000000000B23000-memory.dmp
    Filesize

    12KB

    Download
  • memory/656-15-0x0000000000B20000-0x0000000000B23000-memory.dmp
    Filesize

    12KB

    Download
  • memory/656-0-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/4896-17-0x0000000000B20000-0x0000000000B23000-memory.dmp
    Filesize

    12KB

    Download
  • memory/4896-16-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/4896-46-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/4896-48-0x0000000000B20000-0x0000000000B23000-memory.dmp
    Filesize

    12KB

    Download