Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
25-05-2024 20:07
General
-
Target
5e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de.exe
-
Size
12.9MB
-
MD5
126c88ada5b07e3dac24a1914421d9e6
-
SHA1
4b5287b024539d4641eeaf7280ac9bf748afe6d9
-
SHA256
5e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de
-
SHA512
7852bd451011515b7fe34f44c380956a33a7105bd6e06212c7e8b166a606c17bff90d81446eb3c22825d6fc2962edba5c14fd413adeb3da8c50734b1ad4d42cf
-
SSDEEP
393216:BqVbx6ol1nh48/NYBIbRN0W5NVmOUA5g5ZkE4FYS:0V0q1h45IbRn+gElS
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 2 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 2 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de.exe"C:\Users\Admin\AppData\Local\Temp\5e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\ýˆÌÚð¥¹ÅXXV\5e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de.exeC:\\ýˆÌÚð¥¹ÅXXV\5e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\ýˆÌÚð¥¹ÅXXV\5e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de.exeC:\ýˆÌÚð¥¹ÅXXV\5e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de.exe3⤵
- Deletes itself
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12.9MB
MD5126c88ada5b07e3dac24a1914421d9e6
SHA14b5287b024539d4641eeaf7280ac9bf748afe6d9
SHA2565e002cc53dabfb054001bf7bf139ced1256d757bf282a6c9be32e09fdc59f2de
SHA5127852bd451011515b7fe34f44c380956a33a7105bd6e06212c7e8b166a606c17bff90d81446eb3c22825d6fc2962edba5c14fd413adeb3da8c50734b1ad4d42cf
-
Filesize
102B
MD54dafe653060bd8954441ce87978940bc
SHA10206ed7dbf059545e38625b319fc74243c59f029
SHA256b1a165556a06a8e658687152176d7c3d9031f8ba98defd1769aa0c193689293e
SHA51263f554eefabdf1bda9755e5ebb2be44375cabb5ade6f7dfb55e7a5744f8c7cf43c8553ce6a921bbfec5affb5c8b5ae9566408d12d44b41b8b2bc9dfb3de201b0
-
Filesize
6.7MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
6.7MB
-
Filesize
1.2MB
-
Filesize
6.7MB
-
Filesize
20.7MB
-
Filesize
20.7MB
-
Filesize
1.2MB
-
Filesize
6.7MB
-
Filesize
6.7MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
20.7MB
-
Filesize
20.7MB
-
Filesize
20.7MB
-
Filesize
436KB
-
Filesize
20.7MB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
436KB