Overview

overview

10

Static

static

10

f18b2d9ca2...76.exe

windows7-x64

10

f18b2d9ca2...76.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe

  • Size

    431KB

  • MD5

    6f882a62faa48c6722bd0da1b34c26a4

  • SHA1

    e47f36f68f92f6c7e57e92379dd63f84e5f682dd

  • SHA256

    f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76

  • SHA512

    b4c7cd6e25e1a7e909399715bf5a840baf6cfcc2f156d5a1c7a80377f98efb09c646eca9841734afb737ed8182f210fd492899030013c65bb286c45219b8452e

  • SSDEEP

    3072:TVmHpJqu0Vh6jw/fmZmRMpVuWwP5tOcQfgdVqYHKjoS1HwZCFjTPG1UFNE2XCKU4:TcHpJfHElepVuWwP5YcQfg8J+ojCKC+b

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe
    "C:\Users\Admin\AppData\Local\Temp\f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Users\Admin\AppData\Local\Temp\Systemhjzkp.exe
      "C:\Users\Admin\AppData\Local\Temp\Systemhjzkp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2704

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\path.ini
    Filesize

    102B

    MD5

    7f8645fb30d48c7c334029db7c62e08b

    SHA1

    2564e0f0bbca93551e1e0e90c8c6e1ea0add3dfd

    SHA256

    b9f4bedb94b3cb881f9ffe78611f95e059a2325ef1b0e96f5804593c24bcb762

    SHA512

    c732d508ca4e997308e06971f068c6a82dfcce68766e63fe1ef95a9dc085ae801911aa2e7bb6d3bf42e8460049b5fd39cf5014a3c300f19751304f647a589cff

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Systemhjzkp.exe
    Filesize

    431KB

    MD5

    9fafe913d5e0a0d9c4944c27eb08475b

    SHA1

    b7b57f436d6164b9510355f296a85b7efc0749e2

    SHA256

    f2d79a72e8ebf8c580306c0cbfe6ebf6e0810a66500a64613a80beef2aebf7f1

    SHA512

    2af1d14de765bc2c9e7dc85684ae1f2e0fae0ece6e85628fde3f2a414ffec805ce1a482d612c64a2b31134fc26ed19e1dda86c577cf78dd0b13b621454a19fec

    Download Submit