Overview

overview

10

Static

static

10

a39b3343e9...a6.exe

windows7-x64

10

a39b3343e9...a6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 10:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a39b3343e91a8e362807423f7b49f5b41a72a24e27781f729223cd11252113a6.exe

  • Size

    13.8MB

  • MD5

    cb4564eccc0043c67c88b24cc8120ed0

  • SHA1

    a83ef29c96f4b1e120ad3327796d710e647b7846

  • SHA256

    a39b3343e91a8e362807423f7b49f5b41a72a24e27781f729223cd11252113a6

  • SHA512

    20677c9054ebd0316c74f483a565bdbf5d1800c9d84ec2294f201b643c4ef6dbec85a1f00b755d98632ba09e66b915d6aefc0843a8752d8b46346d8505f37a3a

  • SSDEEP

    393216:sGf48a+E0C+Q8eHPYAJ07YVPydBeukEtC/W5/St/lC9:hOlUE3y0hydBwaC/W5atI9

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 4 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a39b3343e91a8e362807423f7b49f5b41a72a24e27781f729223cd11252113a6.exe
    "C:\Users\Admin\AppData\Local\Temp\a39b3343e91a8e362807423f7b49f5b41a72a24e27781f729223cd11252113a6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2180

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Roaming\Downloader\libcurl.dll
          Filesize

          759KB

          MD5

          b8d07f6ebe3d5473fa6e5c4aa3670bd6

          SHA1

          0300e9767e9ebe8f7ba88beea16e08c51549ea86

          SHA256

          927b9c233435dcde129586d0be8351c165adbc2d35bfb63d9b557abe8dc10703

          SHA512

          866a67e890456fd7b94d3d55b293a124053c75a56c7ef3d646329ec8ab300c365b319ab09daad81644a13a17803a663a426e0a4b78761082ae0b6ab590886efd

          Download Submit

        • memory/2180-0-0x0000000010000000-0x0000000010116000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2180-4-0x0000000000400000-0x0000000001B46000-memory.dmp

          Filesize

          23.3MB

          Download

        • memory/2180-5-0x0000000003F20000-0x0000000003FDE000-memory.dmp

          Filesize

          760KB

          Download

        • memory/2180-9-0x0000000000400000-0x0000000001B46000-memory.dmp

          Filesize

          23.3MB

          Download

        • memory/2180-10-0x0000000000400000-0x0000000001B46000-memory.dmp

          Filesize

          23.3MB

          Download

        • memory/2180-11-0x0000000074E50000-0x000000007500F000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2180-12-0x0000000000400000-0x0000000001B46000-memory.dmp

          Filesize

          23.3MB

          Download

        • memory/2180-13-0x0000000000400000-0x0000000001B46000-memory.dmp

          Filesize

          23.3MB

          Download

        • memory/2180-14-0x0000000074E50000-0x000000007500F000-memory.dmp

          Filesize

          1.7MB

          Download