Analysis
-
max time kernel
151s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
17/10/2022, 07:28
General
-
Target
861f4e889effa9294f17c5b73cf043b2dd4b55806efc1a83e6ac7ca7c2d614ce.exe
-
Size
477KB
-
MD5
2207246e5b0bf668cdd4ce2de2d3f254
-
SHA1
7efb75b527c8427eb76809e7e417e4c62fc0f5b0
-
SHA256
861f4e889effa9294f17c5b73cf043b2dd4b55806efc1a83e6ac7ca7c2d614ce
-
SHA512
bb12449d59d41b7e812028c35c2dcd92e0d45905696922d159659fec427154dee85d46eee2b7aff9f7b283a54af270eaddd4eaa7404799f5331693120b09f099
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwT+aZKl7pg1xBI:q7Tc2NYHUrAwT+OKLSjI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\861f4e889effa9294f17c5b73cf043b2dd4b55806efc1a83e6ac7ca7c2d614ce.exe"C:\Users\Admin\AppData\Local\Temp\861f4e889effa9294f17c5b73cf043b2dd4b55806efc1a83e6ac7ca7c2d614ce.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xjfdt.exec:\xjfdt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtpxv.exec:\dtpxv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tppdr.exec:\tppdr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvttx.exec:\bvttx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvbjr.exec:\vvbjr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbnbv.exec:\lbnbv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtbdldr.exec:\vtbdldr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrlxbnt.exec:\jrlxbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvnfdfl.exec:\rvnfdfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rltnd.exec:\rltnd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
\??\c:\xlvxf.exec:\xlvxf.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxjnv.exec:\pxjnv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhpfbxt.exec:\bhpfbxt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvhjr.exec:\tvhjr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnbfvfb.exec:\vnbfvfb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjlfpbr.exec:\jjlfpbr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfhxf.exec:\rfhxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhllndr.exec:\lhllndr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrthd.exec:\rrthd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfrbhv.exec:\vfrbhv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxhnjn.exec:\xxhnjn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
\??\c:\xfvxpdl.exec:\xfvxpdl.exe1⤵
- Executes dropped EXE
-
\??\c:\lnbdp.exec:\lnbdp.exe2⤵
- Executes dropped EXE
-
-
\??\c:\tpvnj.exec:\tpvnj.exe1⤵
- Executes dropped EXE
-
\??\c:\rdnnx.exec:\rdnnx.exe2⤵
- Executes dropped EXE
-
\??\c:\npfrrdd.exec:\npfrrdd.exe3⤵
- Executes dropped EXE
-
\??\c:\hbphpv.exec:\hbphpv.exe4⤵
- Executes dropped EXE
-
\??\c:\nfhllv.exec:\nfhllv.exe5⤵
- Executes dropped EXE
-
\??\c:\htnnldl.exec:\htnnldl.exe6⤵
- Executes dropped EXE
-
\??\c:\xprhrhv.exec:\xprhrhv.exe7⤵
- Executes dropped EXE
-
\??\c:\txbxrvf.exec:\txbxrvf.exe8⤵
- Executes dropped EXE
-
\??\c:\brdtr.exec:\brdtr.exe9⤵
- Executes dropped EXE
-
\??\c:\rrdrfx.exec:\rrdrfx.exe10⤵
- Executes dropped EXE
-
\??\c:\nlrltx.exec:\nlrltx.exe11⤵
- Executes dropped EXE
-
\??\c:\xvbblnb.exec:\xvbblnb.exe12⤵
- Executes dropped EXE
-
\??\c:\lblhh.exec:\lblhh.exe13⤵
- Executes dropped EXE
-
\??\c:\fhltxxl.exec:\fhltxxl.exe14⤵
- Executes dropped EXE
-
\??\c:\nnbjb.exec:\nnbjb.exe15⤵
- Executes dropped EXE
-
\??\c:\phjdjl.exec:\phjdjl.exe16⤵
- Executes dropped EXE
-
\??\c:\ftxxr.exec:\ftxxr.exe17⤵
- Executes dropped EXE
-
\??\c:\tjvhnv.exec:\tjvhnv.exe18⤵
- Executes dropped EXE
-
\??\c:\htbvrbj.exec:\htbvrbj.exe19⤵
- Executes dropped EXE
-
\??\c:\xbrddf.exec:\xbrddf.exe20⤵
- Executes dropped EXE
-
\??\c:\bdjddl.exec:\bdjddl.exe21⤵
- Executes dropped EXE
-
\??\c:\lplhb.exec:\lplhb.exe22⤵
- Executes dropped EXE
-
\??\c:\bnjdpv.exec:\bnjdpv.exe23⤵
- Executes dropped EXE
-
\??\c:\fnlphv.exec:\fnlphv.exe24⤵
- Executes dropped EXE
-
\??\c:\xjtnjfb.exec:\xjtnjfb.exe25⤵
- Executes dropped EXE
-
\??\c:\jvrnf.exec:\jvrnf.exe26⤵
- Executes dropped EXE
-
\??\c:\jlxlbdn.exec:\jlxlbdn.exe27⤵
- Executes dropped EXE
-
\??\c:\tfjlv.exec:\tfjlv.exe28⤵
- Executes dropped EXE
-
\??\c:\lvfjpp.exec:\lvfjpp.exe29⤵
- Executes dropped EXE
-
\??\c:\brvvdnd.exec:\brvvdnd.exe30⤵
- Executes dropped EXE
-
\??\c:\ptjdrv.exec:\ptjdrv.exe31⤵
- Executes dropped EXE
-
\??\c:\nhtxf.exec:\nhtxf.exe32⤵
- Executes dropped EXE
-
\??\c:\ftpfh.exec:\ftpfh.exe33⤵
- Executes dropped EXE
-
\??\c:\lbltrbb.exec:\lbltrbb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvlnv.exec:\jvlnv.exe35⤵
- Executes dropped EXE
-
\??\c:\pfxhj.exec:\pfxhj.exe36⤵
- Executes dropped EXE
-
\??\c:\jhtrxdt.exec:\jhtrxdt.exe37⤵
-
\??\c:\jhhnfl.exec:\jhhnfl.exe38⤵
-
\??\c:\vndjr.exec:\vndjr.exe39⤵
-
\??\c:\fbtvxl.exec:\fbtvxl.exe40⤵
-
\??\c:\fhrrvlv.exec:\fhrrvlv.exe41⤵
-
\??\c:\tfphfr.exec:\tfphfr.exe42⤵
-
\??\c:\bnhxhd.exec:\bnhxhd.exe43⤵
-
\??\c:\vtxpj.exec:\vtxpj.exe44⤵
-
\??\c:\jnhhr.exec:\jnhhr.exe45⤵
-
\??\c:\hpxvvj.exec:\hpxvvj.exe46⤵
-
\??\c:\hbjdr.exec:\hbjdr.exe47⤵
-
\??\c:\hntbx.exec:\hntbx.exe48⤵
-
\??\c:\vpljjrp.exec:\vpljjrp.exe49⤵
-
\??\c:\lhpvtn.exec:\lhpvtn.exe50⤵
-
\??\c:\thjvpxl.exec:\thjvpxl.exe51⤵
-
\??\c:\pjdpnn.exec:\pjdpnn.exe52⤵
-
\??\c:\rvrffhd.exec:\rvrffhd.exe53⤵
-
\??\c:\jllntl.exec:\jllntl.exe54⤵
-
\??\c:\rvjvrdr.exec:\rvjvrdr.exe55⤵
-
\??\c:\fpvppx.exec:\fpvppx.exe56⤵
-
\??\c:\vrlljn.exec:\vrlljn.exe57⤵
-
\??\c:\nxjrd.exec:\nxjrd.exe58⤵
-
\??\c:\llrln.exec:\llrln.exe59⤵
-
\??\c:\ndvbd.exec:\ndvbd.exe60⤵
-
\??\c:\ptjlrt.exec:\ptjlrt.exe61⤵
-
\??\c:\vfvbf.exec:\vfvbf.exe62⤵
-
\??\c:\frvvf.exec:\frvvf.exe63⤵
-
\??\c:\tlrxvxd.exec:\tlrxvxd.exe64⤵
-
\??\c:\bvjrb.exec:\bvjrb.exe65⤵
-
\??\c:\fdhpnx.exec:\fdhpnx.exe66⤵
-
\??\c:\vpndtfv.exec:\vpndtfv.exe67⤵
-
\??\c:\njnlt.exec:\njnlt.exe68⤵
-
\??\c:\rfxtrr.exec:\rfxtrr.exe69⤵
-
\??\c:\fjxbh.exec:\fjxbh.exe70⤵
-
\??\c:\tbtvp.exec:\tbtvp.exe71⤵
-
\??\c:\drljft.exec:\drljft.exe72⤵
-
\??\c:\tvpfj.exec:\tvpfj.exe73⤵
-
\??\c:\hfxbhlp.exec:\hfxbhlp.exe74⤵
-
\??\c:\lvjphld.exec:\lvjphld.exe75⤵
-
\??\c:\djdvtjb.exec:\djdvtjb.exe76⤵
-
\??\c:\vjbfbl.exec:\vjbfbl.exe77⤵
-
\??\c:\ldprf.exec:\ldprf.exe78⤵
-
\??\c:\xtbjvnx.exec:\xtbjvnx.exe79⤵
-
\??\c:\btbbt.exec:\btbbt.exe80⤵
-
\??\c:\vhbdt.exec:\vhbdt.exe81⤵
-
\??\c:\ppvbth.exec:\ppvbth.exe82⤵
-
\??\c:\btdbxl.exec:\btdbxl.exe83⤵
-
\??\c:\bdhxnh.exec:\bdhxnh.exe84⤵
-
\??\c:\hvnhnfv.exec:\hvnhnfv.exe85⤵
-
\??\c:\lvhbbp.exec:\lvhbbp.exe86⤵
-
\??\c:\nxfptd.exec:\nxfptd.exe87⤵
-
\??\c:\btddnnr.exec:\btddnnr.exe88⤵
-
\??\c:\hxjhp.exec:\hxjhp.exe89⤵
-
\??\c:\vhltnjl.exec:\vhltnjl.exe90⤵
-
\??\c:\rbpbh.exec:\rbpbh.exe91⤵
-
\??\c:\fhtbj.exec:\fhtbj.exe92⤵
-
\??\c:\brxxd.exec:\brxxd.exe93⤵
-
\??\c:\frvhlpt.exec:\frvhlpt.exe94⤵
-
\??\c:\fnjfhln.exec:\fnjfhln.exe95⤵
-
\??\c:\vnpxrtf.exec:\vnpxrtf.exe96⤵
-
\??\c:\jthblbf.exec:\jthblbf.exe97⤵
-
\??\c:\jblpdl.exec:\jblpdl.exe98⤵
-
\??\c:\nllnj.exec:\nllnj.exe99⤵
-
\??\c:\rtnvxn.exec:\rtnvxn.exe100⤵
-
\??\c:\xhhjt.exec:\xhhjt.exe101⤵
-
\??\c:\rbrjh.exec:\rbrjh.exe102⤵
-
\??\c:\fjnlbb.exec:\fjnlbb.exe103⤵
-
\??\c:\jxnftp.exec:\jxnftp.exe104⤵
-
\??\c:\nttvpbf.exec:\nttvpbf.exe105⤵
-
\??\c:\npphhx.exec:\npphhx.exe106⤵
-
\??\c:\dlpnlx.exec:\dlpnlx.exe107⤵
-
\??\c:\rbhxf.exec:\rbhxf.exe108⤵
-
\??\c:\fnfdr.exec:\fnfdr.exe109⤵
-
\??\c:\dhjjnnn.exec:\dhjjnnn.exe110⤵
-
\??\c:\fbrrjt.exec:\fbrrjt.exe111⤵
-
\??\c:\hpfjtn.exec:\hpfjtn.exe112⤵
-
\??\c:\nhhvxdx.exec:\nhhvxdx.exe113⤵
-
\??\c:\lfdlnx.exec:\lfdlnx.exe114⤵
-
\??\c:\dvpxdfj.exec:\dvpxdfj.exe115⤵
-
\??\c:\hjbnrbp.exec:\hjbnrbp.exe116⤵
-
\??\c:\lbbxfdn.exec:\lbbxfdn.exe117⤵
-
\??\c:\dhbjjdj.exec:\dhbjjdj.exe118⤵
-
\??\c:\txrfb.exec:\txrfb.exe119⤵
-
\??\c:\xhnvj.exec:\xhnvj.exe120⤵
-
\??\c:\fpvjldf.exec:\fpvjldf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-