Overview

overview

10

Static

static

7

479a8e3fe4...da.exe

windows7-x64

10

479a8e3fe4...da.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 10:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da.exe

  • Size

    14.7MB

  • MD5

    5c6fb210d8da691453b79456b560ae90

  • SHA1

    35b5b71cf2fc3293b5cce909b66fb77fa0526f7e

  • SHA256

    479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da

  • SHA512

    aad43980acb0ac3311301b5e7a9df6ccb09a0ebbbd3086730070480aabe7653dccd551cd5a11bd9e1d22dfefc0d789c74457c9233a44ebab928ed59cbb878f46

  • SSDEEP

    393216:gPDP+pGNvLi8oIf73hW3qy/P3i6i84IH7kEjqpYFCC2:Y2pGl6If7RlEjJ4mwEjEUk

Score
10/10
blackmoonaspackv2bankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 8 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da.exe
    "C:\Users\Admin\AppData\Local\Temp\479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\¹Å½£×¨Êô[VDY]\36441479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da.exe
      C:\¹Å½£×¨Êô[VDY]\36441479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1699784ed9adee5113cb924e977ef1c2.txt
    Filesize

    17B

    MD5

    7acec360264d8b72b4fd728179d5cf66

    SHA1

    ab03e43c8fb570895da41ad5c68a1850d88175a9

    SHA256

    f971f123ae58b2d69e285ec53a61ad870df4e49b16758e700d8a101170c0a0a3

    SHA512

    eaee6c419d19827929af059fc7863b9557c9e0d79730ae99cdf6cdd6906f5789521b8792d21242d6e170649ba897ab248ef0b89ad718aa6e6186b6892443be01

    Download Submit
  • C:\¹Å½£×¨Êô[VDY]\36441479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da.exe
    Filesize

    14.7MB

    MD5

    5c6fb210d8da691453b79456b560ae90

    SHA1

    35b5b71cf2fc3293b5cce909b66fb77fa0526f7e

    SHA256

    479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da

    SHA512

    aad43980acb0ac3311301b5e7a9df6ccb09a0ebbbd3086730070480aabe7653dccd551cd5a11bd9e1d22dfefc0d789c74457c9233a44ebab928ed59cbb878f46

    Download Submit
  • memory/1048-50-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1048-20-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1048-19-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1048-21-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1048-18-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1052-2-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1052-17-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1052-7-0x0000000003F90000-0x0000000003F91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1052-8-0x0000000003B20000-0x0000000003B21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1052-9-0x0000000003FA0000-0x0000000003FA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1052-0-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1052-3-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1052-1-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download