Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 11:01

General

  • Target

    90d59daa5f72eda799486388b9eb35671e780545576b47107d66fbca586f8496.exe

  • Size

    3.2MB

  • MD5

    0eb0ac26b56abb31ff158ce3a737c3e4

  • SHA1

    9ce4bc99fd3a8d35dc2dc7670f7ab6ec4a3f7670

  • SHA256

    90d59daa5f72eda799486388b9eb35671e780545576b47107d66fbca586f8496

  • SHA512

    502be310e9b3ac8977e801d3f73b65944c1fbe5b3e7ad0c915a4775b56d3b6d088970727f97dd0d09c9a9c846dfda4c3e98594984588ecc5a1d6be949fb8ce90

  • SSDEEP

    24576:f4HH9GBtJr9YH6i4bJhHhVF0x4MZ591k9qzsqoJ2/Y/61oBhNdbxlypfWdvFe+Jz:fix4K2q82gVVdFApfOFTipzdUJ

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 3 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90d59daa5f72eda799486388b9eb35671e780545576b47107d66fbca586f8496.exe
    "C:\Users\Admin\AppData\Local\Temp\90d59daa5f72eda799486388b9eb35671e780545576b47107d66fbca586f8496.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2248
    • \??\c:\admin.exe
      c:\admin.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2712

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\11.ini

    Filesize

    39B

    MD5

    b62c2c31f63dd53fe3c0fa7177e2b776

    SHA1

    075abbe98f6651ef133f78eb210dfd9b71629e48

    SHA256

    c68886cc4c9d3cc75ab2d9d386b6834dcd7198d43b9179f62cb56e953e1740ab

    SHA512

    7b9831672c0d0786ae61faf120dc6733b5e19e4141491b8bfa94c834e7024472c8231a056a30cd8dbcb109fb9b67cba733a34c86b2818d6b1090985cdf7cb060

  • C:\admin.exe

    Filesize

    372KB

    MD5

    9ed304603b3c00d5168b76a0b61332f0

    SHA1

    50f57ac837f9a325058a73181a4d33e2a66b4f8d

    SHA256

    1ce90640766c1c1bb7d18fc94f429b794811d11d1a0b627696ab07f9075f7114

    SHA512

    b96358c2c8950454c5ef17438ecd02525d116447af6ecefa9cdaaddd7b18634c46b23252d3d26f3c46c50df470ed9a405f652c53798e0d6a39c28f6a112d5af4

  • memory/2248-2-0x0000000002370000-0x0000000002485000-memory.dmp

    Filesize

    1.1MB

  • memory/2248-6-0x0000000002370000-0x0000000002485000-memory.dmp

    Filesize

    1.1MB

  • memory/2248-11-0x0000000010000000-0x0000000010024000-memory.dmp

    Filesize

    144KB

  • memory/2248-13-0x0000000076CF1000-0x0000000076CF2000-memory.dmp

    Filesize

    4KB

  • memory/2248-12-0x0000000010000000-0x0000000010024000-memory.dmp

    Filesize

    144KB

  • memory/2248-14-0x0000000076CE0000-0x0000000076DF0000-memory.dmp

    Filesize

    1.1MB

  • memory/2248-18-0x0000000010000000-0x0000000010024000-memory.dmp

    Filesize

    144KB

  • memory/2248-19-0x0000000076CE0000-0x0000000076DF0000-memory.dmp

    Filesize

    1.1MB

  • memory/2712-8-0x0000000000400000-0x0000000000515000-memory.dmp

    Filesize

    1.1MB

  • memory/2712-15-0x0000000000400000-0x0000000000515000-memory.dmp

    Filesize

    1.1MB