Overview

overview

10

Static

static

3

03d3201912...0N.exe

windows7-x64

10

03d3201912...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    111s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03d3201912f828f2133dcfe2d63ccef0N.exe

  • Size

    44KB

  • MD5

    03d3201912f828f2133dcfe2d63ccef0

  • SHA1

    a5f0f3e56472972832ddbbed942c67733b041589

  • SHA256

    8d59657585b67cdc2b002f32b02e60edc5affcf69127eb514a149eb923766ab9

  • SHA512

    62fbf6221e513078776dc86c54a2f3cd96f9bb52d9e0a19717ad0fe654518f21ebed8bb9eb945aa4e73a2d99107cb6bd8e838ec9e3a9d97cd96282b23a0590d1

  • SSDEEP

    768:KmZ70XUP0K2I5f6VJiPy6jBZTCRoMUHIYhlDkYi0sDaF8QCFSXbyt/CSF7p97DyI:Kf2V2IOSXQoMUHFhSYr+DQLytpFF

Score
10/10
blackmoonbankerdiscoverytrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03d3201912f828f2133dcfe2d63ccef0N.exe
    "C:\Users\Admin\AppData\Local\Temp\03d3201912f828f2133dcfe2d63ccef0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2680
    • \??\c:\3lxxrlf.exe
      c:\3lxxrlf.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:4224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\3lxxrlf.exe
    Filesize

    44KB

    MD5

    009d938531a0763599db6e762338785d

    SHA1

    65643ed41dbba0b6b4945b917b84ca49242c646c

    SHA256

    b56fe8b36d64cae56cd027580e12a2a7d31d62d06531231da5cc4013ce34f45d

    SHA512

    24fe6695663a7267b16b536a40e8c0a3cd79df520f358b0ff654c62b586167781e9c5d9b0a011a8b35ef2555efb9ad2e5c6bfdc656f3b509aa04cfd28e5e843b

    Download Submit

  • \??\c:\jl
    Filesize

    71B

    MD5

    3f5c87eec853622f9e811bc528087ba1

    SHA1

    88832d35bb8b4fe39e76720a3262992211d5305c

    SHA256

    55c402e3d92a52e7fa69ef6891b30eb483cf93dc4d150ae8a49b6d5e1986d058

    SHA512

    be0a9ae33c882f75f7352aff4deca486535f9a8a3ad078015db0f5c79c22a90e8f1a7b557d1e9e4796a64d32b9c432575f2519158d6faf66d4e107f0a34b11ea

    Download Submit

  • memory/2680-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2680-6-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4224-10-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download