blackmoon | 952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809.exe
Size

11.7MB
MD5

9650a86627a6d85f26b5d702e4602075
SHA1

2cee1afbe5e9972211d8b8e7e51b0b2cc334149e
SHA256

952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809
SHA512

cc0a9ccbdf005b02cadde7a9818a5144c96d7e49e00c393615f21c7159ef7d8a1310b3b1e41a93485e6f777244aa45ce61ceb495fd2c24fabdc2a081a9a35887
SSDEEP

196608:SAQvhlLEhpxoW7FsGfHCLNsp9aoi5On8tnsSb2Wh2FC3URrd6eqzyQdWh:lQ4LFTfiepZigikC3UR5qmKI

Score

10^/10

blackmoon banker trojan upx

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 6 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2972-39-0x0000000000400000-0x000000000188B000-memory.dmp	family_blackmoon
behavioral1/memory/2972-35-0x0000000000400000-0x000000000188B000-memory.dmp	family_blackmoon
behavioral1/memory/2972-40-0x0000000000400000-0x000000000188B000-memory.dmp	family_blackmoon
behavioral1/memory/2972-41-0x0000000000400000-0x000000000188B000-memory.dmp	family_blackmoon
behavioral1/memory/2972-42-0x0000000000400000-0x000000000188B000-memory.dmp	family_blackmoon
behavioral1/memory/2972-44-0x0000000000400000-0x000000000188B000-memory.dmp	family_blackmoon

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2972-43-0x0000000001A20000-0x0000000001A56000-memory.dmp	upx
behavioral1/memory/2972-45-0x0000000001A20000-0x0000000001A56000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809.exe

pid process

2972 952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809.exe

pid	process
2972	952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809.exe
2972	952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809.exe

C:\Users\Admin\AppData\Local\Temp\952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809.exe
"C:\Users\Admin\AppData\Local\Temp\952c58f5bffc8f205d2501df57733262a54e4f7f8cd5a6d5e158d57bb1200809.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2972-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2972-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2972-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2972-34-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2972-32-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2972-29-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2972-27-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2972-24-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2972-22-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2972-19-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2972-17-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2972-14-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2972-12-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2972-10-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2972-9-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2972-7-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2972-5-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2972-39-0x0000000000400000-0x000000000188B000-memory.dmp

Filesize
20.5MB

Download
memory/2972-35-0x0000000000400000-0x000000000188B000-memory.dmp

Filesize
20.5MB

Download
memory/2972-38-0x00000000006E6000-0x0000000000CDB000-memory.dmp

Filesize
6.0MB

Download
memory/2972-40-0x0000000000400000-0x000000000188B000-memory.dmp

Filesize
20.5MB

Download
memory/2972-41-0x0000000000400000-0x000000000188B000-memory.dmp

Filesize
20.5MB

Download
memory/2972-42-0x0000000000400000-0x000000000188B000-memory.dmp

Filesize
20.5MB

Download
memory/2972-43-0x0000000001A20000-0x0000000001A56000-memory.dmp

Filesize
216KB

Download
memory/2972-44-0x0000000000400000-0x000000000188B000-memory.dmp

Filesize
20.5MB

Download
memory/2972-45-0x0000000001A20000-0x0000000001A56000-memory.dmp

Filesize
216KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads