Analysis Overview

score

10^/10

SHA256

82e42641696554e468e1658020a4c23f3bbd03cd734ed364f0e67799cf32e2ed

Threat Level: Known bad

The file X2.exe was found to be: Known bad.

Malicious Activity Summary

upx blackmoon banker trojan

Detect Blackmoon payload

Blackmoon, KrBanker

UPX packed file

Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 07:18

Signatures

UPX packed file

upx

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A

Unsigned PE

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 07:18

Reported

2024-06-15 07:19

Platform

win7-20240220-en

Max time kernel

51s

Max time network

27s

Command Line

"C:\Users\Admin\AppData\Local\Temp\X2.exe"

Signatures

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

UPX packed file

upx

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\X2.exe	N/A

Processes

C:\Users\Admin\AppData\Local\Temp\X2.exe

"C:\Users\Admin\AppData\Local\Temp\X2.exe"

Network

Country	Destination	Domain	Proto
CN	222.186.172.42:8080		tcp

Files

memory/2912-0-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/2912-1-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/2912-3-0x0000000000400000-0x00000000004D3000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 07:18

Reported

2024-06-15 07:20

Platform

win10v2004-20240611-en

Max time kernel

51s

Max time network

41s

Command Line

"C:\Users\Admin\AppData\Local\Temp\X2.exe"

Signatures

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

UPX packed file

upx

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\X2.exe	N/A

Processes

C:\Users\Admin\AppData\Local\Temp\X2.exe

"C:\Users\Admin\AppData\Local\Temp\X2.exe"

Network

Country	Destination	Domain	Proto
CN	222.186.172.42:8080		tcp
US	8.8.8.8:53	g.bing.com	udp
US	13.107.21.237:443	g.bing.com	tcp
US	8.8.8.8:53	8.8.8.8.in-addr.arpa	udp
US	8.8.8.8:53	71.159.190.20.in-addr.arpa	udp
US	8.8.8.8:53	144.107.17.2.in-addr.arpa	udp
US	8.8.8.8:53	237.21.107.13.in-addr.arpa	udp
NL	23.62.61.97:443	www.bing.com	tcp
US	8.8.8.8:53	88.156.103.20.in-addr.arpa	udp
US	8.8.8.8:53	97.61.62.23.in-addr.arpa	udp
US	8.8.8.8:53	183.59.114.20.in-addr.arpa	udp
US	8.8.8.8:53	15.164.165.52.in-addr.arpa	udp
US	8.8.8.8:53	172.214.232.199.in-addr.arpa	udp

Files

memory/1264-0-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/1264-1-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/1264-2-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/1264-3-0x0000000000400000-0x00000000004D3000-memory.dmp

Sample ID	240615-h46jkssbmc
Target	X2.exe
SHA256	82e42641696554e468e1658020a4c23f3bbd03cd734ed364f0e67799cf32e2ed
Tags	upx blackmoon banker trojan

Malware Analysis Report

2024-09-11 19:04

Table of Contents

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files