blackmoon | b4b0d125202a42156de8db936fd159a5c4eabc537910f27a9caf8a346b74eb7a

Analysis

max time kernel
1s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 08:28

Target

google-setup_104357465463146543.exe
Size

2.8MB
MD5

31c4dd89e640cc438ab60485ed835198
SHA1

d8184ae55b594a0b59268979badac691af8ab6ef
SHA256

b4b0d125202a42156de8db936fd159a5c4eabc537910f27a9caf8a346b74eb7a
SHA512

062624186b156485b4a4892206f38d3a882163d38e6bd7402f03c617c88e94c6552c0877cd76152ed0a21cf14348fc86e30223801d8d70f0781d4f949cf5a22d
SSDEEP

49152:bQbAlrYwBHMTJqIyqlJi/s5DVVjgUCnj1IayZlJPx7uJkBwfp4GjWprJMGal7:PrRsTMIyEi05ZlgUCnj2rZfPx7ukBwfB

Score

10^/10

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4032-1-0x0000000010000000-0x0000000010246000-memory.dmp	family_blackmoon
behavioral2/memory/4032-1-0x0000000010000000-0x0000000010246000-memory.dmp	family_blackmoon

C:\Users\Admin\AppData\Local\Temp\google-setup_104357465463146543.exe
"C:\Users\Admin\AppData\Local\Temp\google-setup_104357465463146543.exe"
1⤵
PID:4032

memory/4032-1-0x0000000010000000-0x0000000010246000-memory.dmp

Filesize
2.3MB

Download
memory/4032-1-0x0000000010000000-0x0000000010246000-memory.dmp

Filesize
2.3MB

Download