Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/05/2024, 19:58

General

  • Target

    d2209f4ee0449f4c6a8e037f4bc34bbe49a1b733db97a4fbf9415f398c8237d4.exe

  • Size

    7.9MB

  • MD5

    3c7eac7e12868046dbb518b82212ed41

  • SHA1

    c773d881a7fff1bf8a7df9a5563ffc07a3bfb207

  • SHA256

    d2209f4ee0449f4c6a8e037f4bc34bbe49a1b733db97a4fbf9415f398c8237d4

  • SHA512

    b58a4a749736a803750c37b44a6f00dc21031a9401c76535e8a23e8b8f6152ad2d6f00a1746c564d777d68bc396155e6e2167aa4503d136f7c04562bf1e0efb9

  • SSDEEP

    98304:hHkk136sk8SF0wvIbKKExgGg3bb5P8Zj1JIHG9+kY3:d/z0QqSLbG5AG9Y3

Score
10/10

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2209f4ee0449f4c6a8e037f4bc34bbe49a1b733db97a4fbf9415f398c8237d4.exe
    "C:\Users\Admin\AppData\Local\Temp\d2209f4ee0449f4c6a8e037f4bc34bbe49a1b733db97a4fbf9415f398c8237d4.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1588

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1588-0-0x0000000000400000-0x0000000000C27000-memory.dmp
    Filesize: 8.2MB
  • memory/1588-1-0x0000000002C00000-0x0000000002DAD000-memory.dmp
    Filesize: 1.7MB
  • memory/1588-6-0x0000000000400000-0x0000000000C27000-memory.dmp
    Filesize: 8.2MB
  • memory/1588-7-0x0000000002C00000-0x0000000002DAD000-memory.dmp
    Filesize: 1.7MB
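The four dumps above cover only two distinct address ranges, each captured twice. The script below is an added example, not part of the sandbox report or its tooling: it parses the dump file names on the assumption that they follow the pattern memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp, checks that each reported size is consistent with the address range, and collapses repeated captures of the same range. Tagging the range that starts at 0x400000 as the image mapping is a heuristic based on the conventional default base of a 32-bit PE loaded without relocation; the report itself does not state the image base.

```python
import re

# Constructed from the four dump entries listed on this page: (dump name, size as reported).
DUMP_ENTRIES = [
    ("memory/1588-0-0x0000000000400000-0x0000000000C27000-memory.dmp", "8.2MB"),
    ("memory/1588-1-0x0000000002C00000-0x0000000002DAD000-memory.dmp", "1.7MB"),
    ("memory/1588-6-0x0000000000400000-0x0000000000C27000-memory.dmp", "8.2MB"),
    ("memory/1588-7-0x0000000002C00000-0x0000000002DAD000-memory.dmp", "1.7MB"),
]

# Assumed naming convention: memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp
DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Heuristic (assumption): conventional default image base of a 32-bit PE loaded without
# relocation. Used only to label regions; the report does not state the real image base.
DEFAULT_IMAGE_BASE = 0x400000


def parse_dump_name(name):
    """Split a dump file name into pid, dump index and the [start, end) address range."""
    m = DUMP_NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def is_valid_dump_name(name):
    """True if the name parses and describes a non-empty range."""
    try:
        parse_dump_name(name)
        return True
    except ValueError:
        return False


def size_label(nbytes):
    """Render a byte count the way the report does: binary megabytes, one decimal place."""
    return f"{nbytes / (1024 * 1024):.1f}MB"


def check_entries(entries, image_base=DEFAULT_IMAGE_BASE):
    """Parse each entry, verify the reported size against the address range, tag the region."""
    results = []
    for name, reported in entries:
        info = parse_dump_name(name)
        info["reported"] = reported
        info["size_ok"] = size_label(info["size"]) == reported
        info["region"] = "image mapping" if info["start"] == image_base else "outside image mapping"
        results.append(info)
    return results


def group_by_range(results):
    """Collapse repeated dumps of the same range into one row listing the dump indices."""
    groups = {}
    for r in results:
        key = (r["start"], r["end"])
        groups.setdefault(key, {"pid": r["pid"], "size": r["size"],
                                "region": r["region"], "indices": []})
        groups[key]["indices"].append(r["index"])
    return groups


if __name__ == "__main__":
    for (start, end), g in group_by_range(check_entries(DUMP_ENTRIES)).items():
        print(f"pid {g['pid']} 0x{start:08X}-0x{end:08X} {size_label(g['size']):>6} "
              f"{g['region']:<22} dumped at indices {g['indices']}")
```

Both reported sizes line up with the address ranges only when MB means 1024*1024 bytes (0x827000 bytes is 8.2 of those but 8.5 decimal megabytes), which is worth knowing before comparing dump sizes with the 7.9MB on-disk size. The second range, 0x2C00000-0x2DAD000, lies well outside the 0x400000 mapping, so it is the region to inspect first when checking what the "Detect Blackmoon payload" signature matched.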