Overview

overview

10

Static

static

10

2024-05-26...id.exe

windows7-x64

10

2024-05-26...id.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/05/2024, 22:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-26_5288aafe52a500efb93aedf7b882c971_gazer_hacktools_icedid.exe

  • Size

    14.2MB

  • MD5

    5288aafe52a500efb93aedf7b882c971

  • SHA1

    6b42444ad2d3ed57e4e9e3ac1b3766b798da6a1c

  • SHA256

    6d0f32c65a535ee1dcd2f05890d2914dab32f0b9cc1a2bb6b63e19d894c5e883

  • SHA512

    b2556de059812a437ccded6965ea16a44ff02a4dcc6de7747c44e923b0c0eec575a9bd8615c75c558e3066b72bf0b4089dd3c6603471a1009cb9d44755f4933f

  • SSDEEP

    196608:7nYOOVYL7G/IZmKt3S5c3a8f8F8g12gqIKvEGPxouAS+JVUII:f2udJIKMG5ouAS+G

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-26_5288aafe52a500efb93aedf7b882c971_gazer_hacktools_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-26_5288aafe52a500efb93aedf7b882c971_gazer_hacktools_icedid.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1004
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3760,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:8
    1⤵
      PID:4248

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1004-0-0x00000000031B0000-0x00000000031BB000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1004-1-0x0000000000400000-0x00000000012A2000-memory.dmp

            Filesize

            14.6MB

            Download

          • memory/1004-2-0x00000000031B0000-0x00000000031BB000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1004-3-0x0000000000819000-0x000000000081A000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1004-4-0x0000000000400000-0x00000000012A2000-memory.dmp

            Filesize

            14.6MB

            Download