Overview

overview

10

Static

static

3

c2d2fe410a...4b.exe

windows7-x64

10

c2d2fe410a...4b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 10:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2d2fe410aa7215bdaa21ce7fcc30292a2051683de12afd447a6bf476d58354b.exe

  • Size

    44KB

  • MD5

    a3275fd4af5efc528c157a45673c7721

  • SHA1

    3c126c3094315876a87ac76e3256a619d4ab83fb

  • SHA256

    c2d2fe410aa7215bdaa21ce7fcc30292a2051683de12afd447a6bf476d58354b

  • SHA512

    c7bdad4a2b83a14431da61e756e22997d8f7f61d49764b213a1c54db694d9e01caa105d078239ef5ed3b45c4e9fe2139dbacb01ecec34899900829bc7588164e

  • SSDEEP

    768:KmZ70XUP0K2I5f6VJiPy6jBZTCRoMUHIYhlDkYi0sDaF8QCFSXbyt/CSF7p97Dl:Kf2V2IOSXQoMUHFhSYr+DQLytpFx

Score
10/10
blackmoonbankerdiscoverytrojan

Malware Config

Signatures

  • Blackmoon family
    blackmoon
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2d2fe410aa7215bdaa21ce7fcc30292a2051683de12afd447a6bf476d58354b.exe
    "C:\Users\Admin\AppData\Local\Temp\c2d2fe410aa7215bdaa21ce7fcc30292a2051683de12afd447a6bf476d58354b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2396
    • \??\c:\c800666.exe
      c:\c800666.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:1644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\c800666.exe
    Filesize

    44KB

    MD5

    83e39b9f16f8b8fa86d194123cc14def

    SHA1

    1b890b3c6ac0cd1fece5022ee7b77f83f2b576f4

    SHA256

    9d43f3eb3ba80b255c29ae12f7895516afacdc24052e1df25a9bb797cec6be63

    SHA512

    4142632f2f96a7a617fe9442c01311d2aa74c7d83052eda8ec6caa36dfd2a6dbaf18114381ae494d8df798ce951ec8c41365950cbe38a9125fee0726be21e1cf

    Download Submit

  • \??\c:\jl
    Filesize

    102B

    MD5

    992b84b4c0c2f2b88ed9b49e1945c083

    SHA1

    45274cfc15098d3ed22fc1e9c5917896564c96f2

    SHA256

    05132acde98a2cee1994733a3801da5e4dbe3e22c43b169586a1ed7544205ce3

    SHA512

    a29f6c35049b875d125e32c60d8d1f03130a0e2e72c90ddd4c0bd0850e216ebe260b2ad52227df8bbda2f6b2492dc806eb2066775b082ccbf326ac9a0865a666

    Download Submit

  • memory/1644-10-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1644-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2396-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2396-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download