Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
17-12-2024 17:50
General
-
Target
71bd1df7edfcd6b85dbf367ebe92ad41515d7dc40108392fb33c20b4d524776d.exe
-
Size
685KB
-
MD5
0be6ee861413fde4d9bb359c99a64a5a
-
SHA1
6d99b15a78b03fc66a3e1cc8babeff9adcfe0358
-
SHA256
71bd1df7edfcd6b85dbf367ebe92ad41515d7dc40108392fb33c20b4d524776d
-
SHA512
791f13939c95568b04b1372d630c29e601ad32684f8dda3396cd8846fdecb46bf3d6cca0c4aa6a6b8345713ca71bcadbe32dfa86a682cfef61be7cbdbdfb60fc
-
SSDEEP
12288:f5AavEnQSnGGPsVPYQmoB6f2PBefE4C1f7SZgXuMoAugwTwhFSv15LMs8EcbBoS:f5jt6GGPsVPYFk60VV1XAAmTwbM16E
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\71bd1df7edfcd6b85dbf367ebe92ad41515d7dc40108392fb33c20b4d524776d.exe"C:\Users\Admin\AppData\Local\Temp\71bd1df7edfcd6b85dbf367ebe92ad41515d7dc40108392fb33c20b4d524776d.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.9MB
-
Filesize
2.9MB