Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2024 08:14

General

  • Target

    82a54cd3c4f3f05b7671eb98487969cbcbdecdc9a99e7bdf91407de4f2821953.exe

  • Size

    702KB

  • MD5

    9070c9d8803ed977ff718c0d5fa226c6

  • SHA1

    c2654e6585ab3b756d344dc5c80a4463304f825c

  • SHA256

    82a54cd3c4f3f05b7671eb98487969cbcbdecdc9a99e7bdf91407de4f2821953

  • SHA512

    3e19c175efaca7e22c9ab9aba47f9405973ec347e68aaf416ef306b36e7d79d1d16b298693fc66fb26448faf6814dbf855c6320f9626b39b0b86091601ebf57f

  • SSDEEP

    12288:C5hZlSuKSfT5USD/vVbk+Oo7Kw2MR2Kz1OS6f0n17m9s10s/1jD//oS:UXD1ftnj6f0n09saev

Malware Config

Signatures

  • Blackmoon family
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82a54cd3c4f3f05b7671eb98487969cbcbdecdc9a99e7bdf91407de4f2821953.exe
    "C:\Users\Admin\AppData\Local\Temp\82a54cd3c4f3f05b7671eb98487969cbcbdecdc9a99e7bdf91407de4f2821953.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:1352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1352-0-0x0000000000400000-0x00000000006D5000-memory.dmp

    Filesize

    2.8MB

  • memory/1352-1-0x0000000000400000-0x00000000006D5000-memory.dmp

    Filesize

    2.8MB