Analysis

  • max time kernel: 148s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 24-05-2024 05:12

General

  • Target: f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe
  • Size: 431KB
  • MD5: 6f882a62faa48c6722bd0da1b34c26a4
  • SHA1: e47f36f68f92f6c7e57e92379dd63f84e5f682dd
  • SHA256: f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76
  • SHA512: b4c7cd6e25e1a7e909399715bf5a840baf6cfcc2f156d5a1c7a80377f98efb09c646eca9841734afb737ed8182f210fd492899030013c65bb286c45219b8452e
  • SSDEEP: 3072:TVmHpJqu0Vh6jw/fmZmRMpVuWwP5tOcQfgdVqYHKjoS1HwZCFjTPG1UFNE2XCKU4:TcHpJfHElepVuWwP5YcQfg8J+ojCKC+b

Score
10/10

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe (PID 2380, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe"
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\Systemsywbd.exe (PID 2644, depth 2, child of PID 2380)
      Command line: "C:\Users\Admin\AppData\Local\Temp\Systemsywbd.exe"
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Matrix (ATT&CK v13)

Downloads

  • C:\Users\Admin\AppData\Local\Temp\path.ini
    Filesize: 102B
    MD5: 7f8645fb30d48c7c334029db7c62e08b
    SHA1: 2564e0f0bbca93551e1e0e90c8c6e1ea0add3dfd
    SHA256: b9f4bedb94b3cb881f9ffe78611f95e059a2325ef1b0e96f5804593c24bcb762
    SHA512: c732d508ca4e997308e06971f068c6a82dfcce68766e63fe1ef95a9dc085ae801911aa2e7bb6d3bf42e8460049b5fd39cf5014a3c300f19751304f647a589cff

  • \Users\Admin\AppData\Local\Temp\Systemsywbd.exe
    Filesize: 431KB
    MD5: 889ec41dbe52a28ced32ec5cd82f3c2e
    SHA1: a28b859073ffabed0d59264f4fe84494562c1f84
    SHA256: 42b315b9d0c97714a040826ee727d2a848ed9aa0303b1242a7123c593995da2a
    SHA512: 855a3b3682be852fa4e74d514b5371f5cf4cdd015de896fce2df6b029cef5a0ac9c1b545e16663fde7501f29f3e4076fca365bd06a67af7f6a699bb8204357b9