Overview

overview

10

Static

static

10

2024-07-01...id.exe

windows7-x64

10

2024-07-01...id.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2024 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-01_8a428965e75c787b26800a83e9694226_icedid.exe

  • Size

    5.6MB

  • MD5

    8a428965e75c787b26800a83e9694226

  • SHA1

    95bbb7b7c4a41b80d26c2562f8863e765972b4b8

  • SHA256

    0cf380d67e300a43aac18877f05f6effee5edd61103f8929a7f7ef4d19b2edf4

  • SHA512

    0bbcb40593ea8ab7701f976f9d1121050d7fb1d52ba19737267598623b87c3a0ede198cdf4fef7fb862cfa686d737057e690c356c690fd88d0e02228009cf648

  • SSDEEP

    98304:/TcdfHtthiBqHriGJesNHkejYsElLRHrtOnRF1Ivktg:/T+zhiBqHmGJesNHkejYsElFtOnR4

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_8a428965e75c787b26800a83e9694226_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-01_8a428965e75c787b26800a83e9694226_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\rec\bass.dll
    Filesize

    109KB

    MD5

    36946ab0740fa086bfc8b8a86260eee9

    SHA1

    57e154464dd247f14ec90de065d7be685dcc1293

    SHA256

    9ac13f9bc5564fd8a1eab5f7c945dce1c27940dd63a913108eac64481ddde6af

    SHA512

    51a090119c36f19c8b008d52f1faf76ee1d511e151df777c577cf91da84300a8474d7e17004e3f374434b2d16eb1da3cfaee853e47528f9a1f6fb8bab71ed3e1

    Download Submit
  • \Users\Admin\AppData\Local\Temp\rec\bassenc.dll
    Filesize

    18KB

    MD5

    74b6071109d2fa2b27b75bd3cc100bbb

    SHA1

    0038a6a686eeb5bd082a4fb32413a48d4d0f1aff

    SHA256

    8a3391210d0cdebb06b0292d0df9cec3a2bbcbca0b99979b65143b0568f04106

    SHA512

    ccea98da1f00a8ac159703ae13f92748db2d323b94e91b361d6d136515d0c715d394faae5a52664f96f1452d4b5f820eb1b4773a37f0d82c094daaeca1ed8e17

    Download Submit
  • \Users\Admin\AppData\Local\Temp\rec\libexdui.dll
    Filesize

    768KB

    MD5

    36de43aeb9e11544ba8c650ea9fe3362

    SHA1

    c51ca2f3beed4db8ca2a08f1fe9bbcc6a07ddefe

    SHA256

    d7c393ced302cfad9730a501b2128611ce6ece7acad5c23ff2b230478d05c03e

    SHA512

    0c15e831fcfb1ab4d115ddaeae7e362c5ce428903c78c0df06289ffe05a2da49e8f4f68b4b01bac7e07946c338a31c9b4218c822517d8ce0e439d6fab53f0a20

    Download Submit
  • memory/2220-0-0x0000000000400000-0x00000000009D2000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2220-12-0x0000000074880000-0x000000007488D000-memory.dmp
    Filesize

    52KB

    Download
  • memory/2220-7-0x00000000748B0000-0x0000000074900000-memory.dmp
    Filesize

    320KB

    Download
  • memory/2220-17-0x0000000000400000-0x00000000009D2000-memory.dmp
    Filesize

    5.8MB

    Download