Overview

overview

10

Static

static

3

af2d10183a...15.exe

windows7-x64

10

af2d10183a...15.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 10:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af2d10183adf141618f88f8f7a046b1b1a7f1aa53b3e93515360cf24ad233415.exe

  • Size

    15.9MB

  • MD5

    d654e7e7e0cc5eb6c947226d9db97f44

  • SHA1

    77c9a230a34c0c623882ae73e8e5860aa48c7dba

  • SHA256

    af2d10183adf141618f88f8f7a046b1b1a7f1aa53b3e93515360cf24ad233415

  • SHA512

    cacf217c24f47defd6f8d8a0cb39ae53446c9253b0ac77f93ffc648beaafc6d4104ab347f6c54172feec6b710dd3c452f739659414b468d54476d3be29c0c422

  • SSDEEP

    393216:iOfkbacqN0WPLWTrPPi/wjYF4DpX/cUJ3r4FP:1fiqhaXP8aYFYp0W0t

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af2d10183adf141618f88f8f7a046b1b1a7f1aa53b3e93515360cf24ad233415.exe
    "C:\Users\Admin\AppData\Local\Temp\af2d10183adf141618f88f8f7a046b1b1a7f1aa53b3e93515360cf24ad233415.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\¡¶ÂåÑþרÊô¡·\30165af2d10183adf141618f88f8f7a046b1b1a7f1aa53b3e93515360cf24ad233415.exe
      C:\¡¶ÂåÑþרÊô¡·\30165af2d10183adf141618f88f8f7a046b1b1a7f1aa53b3e93515360cf24ad233415.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2112

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\864369dde4e7c2fc9ed08c0ff162768a.txt
    Filesize

    16B

    MD5

    367128b34d713ace2ec909a731cb1861

    SHA1

    24c978593959b7c7ee45c40a5c1ac8dce3417374

    SHA256

    f0e67d2b451e7f95889cfd73d1fc76e6cc1011eb62049550fb480ff4d168d7fa

    SHA512

    a2ae80381ed539dbcc79b1f577ea0bcab7d0387759b026f0cc0327594a1f8d61475948fc1f4e0d8e9e075a20b86241f1c34f9c89f91fc2b380cbc82ada5b473a

    Download Submit
  • C:\¡¶ÂåÑþרÊô¡·\30165af2d10183adf141618f88f8f7a046b1b1a7f1aa53b3e93515360cf24ad233415.exe
    Filesize

    15.9MB

    MD5

    d654e7e7e0cc5eb6c947226d9db97f44

    SHA1

    77c9a230a34c0c623882ae73e8e5860aa48c7dba

    SHA256

    af2d10183adf141618f88f8f7a046b1b1a7f1aa53b3e93515360cf24ad233415

    SHA512

    cacf217c24f47defd6f8d8a0cb39ae53446c9253b0ac77f93ffc648beaafc6d4104ab347f6c54172feec6b710dd3c452f739659414b468d54476d3be29c0c422

    Download Submit
  • memory/1908-16-0x0000000000C70000-0x0000000000C73000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1908-6-0x0000000003C30000-0x0000000003C31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1908-5-0x0000000003D70000-0x0000000003D71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1908-7-0x0000000003D80000-0x0000000003D81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1908-1-0x0000000000C70000-0x0000000000C73000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1908-17-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/1908-0-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2112-18-0x0000000000B30000-0x0000000000B33000-memory.dmp
    Filesize

    12KB

    Download
  • memory/2112-13-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2112-47-0x0000000000400000-0x00000000009FA000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2112-49-0x0000000000B30000-0x0000000000B33000-memory.dmp
    Filesize

    12KB

    Download