Analysis

  • max time kernel
    139s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/10/2024, 20:17

General

  • Target

    6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe

  • Size

    12.1MB

  • MD5

    e9b7c03bfec3b32e34104c9b0cefab54

  • SHA1

    c10325c5ef3a114201babaccff6d2788ae8d5ade

  • SHA256

    6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff

  • SHA512

    ea310613136cd09ef8ba516f20afc98e6511b5be5112f59e6c4f1a4dd172ba90c6374425bb43448ca409cf150e5865ef52619b21fa2506fcab99ab4894158838

  • SSDEEP

    196608:wJV4VrkilC9WefqlfIRM3LhKC7DHhN8bhCgmsrpW9kElNmj9G/eK:w5ilC9DfqlfIg77NGbprAvmj9Gm

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 2 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe
    "C:\Users\Admin\AppData\Local\Temp\6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:4948

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\e576dae.tmp

          Filesize

          1.2MB

          MD5

          58ce1611349d9c3fdbe84019439819b2

          SHA1

          110b3ba2d99629aa1148daca6aa2a350356305a6

          SHA256

          36c7d8f359926e61290ede70a426b863470adc47312c3e4b6039a9ab4b63c9f6

          SHA512

          3f46fcd3fd83ae7c7d20b016f9a58be0090f2e8c9342ffa915ca7e9e68c5212e46df18ba40270dcb96a9732b38e2d9a5895198cf07929df6c1872afb72bbd190

        • memory/4948-5-0x00000000004A0000-0x00000000010F6000-memory.dmp

          Filesize

          12.3MB

        • memory/4948-0-0x0000000010000000-0x000000001054E000-memory.dmp

          Filesize

          5.3MB

        • memory/4948-12-0x00000000004A0000-0x00000000010F6000-memory.dmp

          Filesize

          12.3MB