Analysis
-
max time kernel
86s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 20:26
General
-
Target
NEAS.6bfcf17a507cd5a7d654001740bd9060.exe
-
Size
187KB
-
MD5
6bfcf17a507cd5a7d654001740bd9060
-
SHA1
935e44ed9a5537e21307d793ca46632e74842cc3
-
SHA256
0418cbb495d0df399d74622fb9a1d01b6d3d09b54f0732f51858b0a7dd38f5e4
-
SHA512
e8b24722d642de65b12b14aacb49228a0e5710f81773ad767ce93408c222aa893703453cdaebd3ff6f33fcf2c5bd0d41411687c5f0a6a2fa90ce51efd0060d14
-
SSDEEP
3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+e:Ycm4FmowdHoSLEaTBftapTsyFeOe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.6bfcf17a507cd5a7d654001740bd9060.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.6bfcf17a507cd5a7d654001740bd9060.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lbxrd.exec:\lbxrd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
\??\c:\bhnhh.exec:\bhnhh.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npljh.exec:\npljh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtxpf.exec:\jtxpf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvhhr.exec:\xvhhr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbprl.exec:\jbprl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjjrldp.exec:\xjjrldp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhrbvn.exec:\vhrbvn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
\??\c:\dlxxrd.exec:\dlxxrd.exe3⤵
-
\??\c:\bnhlbx.exec:\bnhlbx.exe4⤵
-
\??\c:\fjtrt.exec:\fjtrt.exe5⤵
-
\??\c:\fvpxl.exec:\fvpxl.exe6⤵
-
\??\c:\trntp.exec:\trntp.exe7⤵
-
\??\c:\pljfbd.exec:\pljfbd.exe8⤵
-
\??\c:\llnpd.exec:\llnpd.exe9⤵
-
\??\c:\pbhlfh.exec:\pbhlfh.exe10⤵
-
\??\c:\vhdjhfl.exec:\vhdjhfl.exe11⤵
-
\??\c:\fxxbd.exec:\fxxbd.exe12⤵
-
\??\c:\vrrhnv.exec:\vrrhnv.exe13⤵
-
\??\c:\hdvjv.exec:\hdvjv.exe14⤵
-
\??\c:\jphlr.exec:\jphlr.exe15⤵
-
\??\c:\rlrldt.exec:\rlrldt.exe16⤵
-
\??\c:\lxxfn.exec:\lxxfn.exe17⤵
-
\??\c:\ftffj.exec:\ftffj.exe18⤵
-
\??\c:\vvxhhxl.exec:\vvxhhxl.exe19⤵
-
\??\c:\rvnbr.exec:\rvnbr.exe20⤵
-
\??\c:\fjrtr.exec:\fjrtr.exe21⤵
-
\??\c:\tpddn.exec:\tpddn.exe22⤵
-
\??\c:\xxprfp.exec:\xxprfp.exe23⤵
-
\??\c:\xnbdj.exec:\xnbdj.exe24⤵
-
\??\c:\frtrx.exec:\frtrx.exe25⤵
-
\??\c:\hlljh.exec:\hlljh.exe26⤵
-
\??\c:\lrxvrfd.exec:\lrxvrfd.exe27⤵
-
\??\c:\xtxpnph.exec:\xtxpnph.exe28⤵
-
\??\c:\xbdbn.exec:\xbdbn.exe29⤵
-
\??\c:\hnnlhx.exec:\hnnlhx.exe30⤵
-
\??\c:\pbtdtb.exec:\pbtdtb.exe31⤵
-
\??\c:\lnbrjb.exec:\lnbrjb.exe32⤵
-
\??\c:\xdvtvx.exec:\xdvtvx.exe33⤵
-
\??\c:\nbpxrlb.exec:\nbpxrlb.exe34⤵
-
\??\c:\xhvpl.exec:\xhvpl.exe35⤵
-
\??\c:\drvrrlj.exec:\drvrrlj.exe36⤵
-
\??\c:\rpjhb.exec:\rpjhb.exe37⤵
-
\??\c:\ttvxbv.exec:\ttvxbv.exe38⤵
-
\??\c:\ptpdt.exec:\ptpdt.exe39⤵
-
\??\c:\frltvp.exec:\frltvp.exe40⤵
-
\??\c:\xnlfx.exec:\xnlfx.exe41⤵
-
\??\c:\pnjpnj.exec:\pnjpnj.exe42⤵
-
\??\c:\tnvbvrb.exec:\tnvbvrb.exe43⤵
-
\??\c:\pdnlhhv.exec:\pdnlhhv.exe44⤵
-
\??\c:\hvvfjrn.exec:\hvvfjrn.exe45⤵
-
\??\c:\hxdjtjp.exec:\hxdjtjp.exe46⤵
-
\??\c:\fvjrxj.exec:\fvjrxj.exe47⤵
-
\??\c:\rhplrnx.exec:\rhplrnx.exe48⤵
-
\??\c:\ppfxrj.exec:\ppfxrj.exe49⤵
-
\??\c:\txxrlp.exec:\txxrlp.exe50⤵
-
\??\c:\ftvxx.exec:\ftvxx.exe51⤵
-
\??\c:\txvtvf.exec:\txvtvf.exe52⤵
-
\??\c:\vbvjpd.exec:\vbvjpd.exe53⤵
-
\??\c:\xpllbn.exec:\xpllbn.exe54⤵
-
\??\c:\pbjtpr.exec:\pbjtpr.exe55⤵
-
\??\c:\btflx.exec:\btflx.exe56⤵
-
\??\c:\vhxphxr.exec:\vhxphxr.exe57⤵
-
\??\c:\fjfhvfr.exec:\fjfhvfr.exe58⤵
-
\??\c:\vtxtfj.exec:\vtxtfj.exe59⤵
-
\??\c:\fjfnl.exec:\fjfnl.exe60⤵
-
\??\c:\frxfx.exec:\frxfx.exe61⤵
-
\??\c:\pxxhpj.exec:\pxxhpj.exe62⤵
-
\??\c:\pvrvfx.exec:\pvrvfx.exe63⤵
-
\??\c:\nphnh.exec:\nphnh.exe64⤵
-
\??\c:\hfdpf.exec:\hfdpf.exe65⤵
-
\??\c:\xjxvnbx.exec:\xjxvnbx.exe66⤵
-
\??\c:\xfhvxb.exec:\xfhvxb.exe67⤵
-
\??\c:\xrdlhhd.exec:\xrdlhhd.exe68⤵
-
\??\c:\lntbx.exec:\lntbx.exe69⤵
-
\??\c:\xbvhl.exec:\xbvhl.exe70⤵
-
\??\c:\tnrrfp.exec:\tnrrfp.exe71⤵
-
\??\c:\nldtbnv.exec:\nldtbnv.exe72⤵
-
\??\c:\xbhxn.exec:\xbhxn.exe73⤵
-
\??\c:\tppbjlb.exec:\tppbjlb.exe74⤵
-
\??\c:\jhpnj.exec:\jhpnj.exe75⤵
-
\??\c:\tblvjhr.exec:\tblvjhr.exe76⤵
-
\??\c:\rlbtbnr.exec:\rlbtbnr.exe77⤵
-
\??\c:\vvdbvv.exec:\vvdbvv.exe78⤵
-
\??\c:\hffnb.exec:\hffnb.exe79⤵
-
\??\c:\bprdv.exec:\bprdv.exe80⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\lhvjbph.exec:\lhvjbph.exe63⤵
-
\??\c:\hfbxnt.exec:\hfbxnt.exe64⤵
-
\??\c:\vlfhh.exec:\vlfhh.exe65⤵
-
\??\c:\pfjnd.exec:\pfjnd.exe66⤵
-
\??\c:\tnppv.exec:\tnppv.exe67⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\jrbfxf.exec:\jrbfxf.exe43⤵
-
\??\c:\nlhbdnv.exec:\nlhbdnv.exe44⤵
-
\??\c:\pjrrrf.exec:\pjrrrf.exe45⤵
-
\??\c:\ptldp.exec:\ptldp.exe46⤵
-
\??\c:\nxphv.exec:\nxphv.exe47⤵
-
\??\c:\pjxlh.exec:\pjxlh.exe48⤵
-
\??\c:\jrtpfpn.exec:\jrtpfpn.exe49⤵
-
\??\c:\fvxhdfp.exec:\fvxhdfp.exe50⤵
-
\??\c:\lvlfd.exec:\lvlfd.exe51⤵
-
\??\c:\vttxjdf.exec:\vttxjdf.exe52⤵
-
\??\c:\jfltv.exec:\jfltv.exe53⤵
-
\??\c:\bnjlvjh.exec:\bnjlvjh.exe54⤵
-
\??\c:\bpljl.exec:\bpljl.exe55⤵
-
\??\c:\pvbbnjr.exec:\pvbbnjr.exe56⤵
-
\??\c:\hhfnndj.exec:\hhfnndj.exe57⤵
-
\??\c:\pvxlvtn.exec:\pvxlvtn.exe58⤵
-
\??\c:\fpjlpn.exec:\fpjlpn.exe59⤵
-
\??\c:\bxlrf.exec:\bxlrf.exe60⤵
-
\??\c:\ndfrn.exec:\ndfrn.exe61⤵
-
\??\c:\fbptnnt.exec:\fbptnnt.exe62⤵
-
\??\c:\ttljd.exec:\ttljd.exe63⤵
-
\??\c:\fbhtlx.exec:\fbhtlx.exe64⤵
-
\??\c:\tvlrjhf.exec:\tvlrjhf.exe65⤵
-
\??\c:\rvxnppn.exec:\rvxnppn.exe66⤵
-
\??\c:\pvlpljf.exec:\pvlpljf.exe67⤵
-
\??\c:\xxfvrxx.exec:\xxfvrxx.exe68⤵
-
\??\c:\xlplxv.exec:\xlplxv.exe69⤵
-
\??\c:\xvdtjnl.exec:\xvdtjnl.exe70⤵
-
\??\c:\dllrxn.exec:\dllrxn.exe71⤵
-
\??\c:\xffprvr.exec:\xffprvr.exe72⤵
-
\??\c:\hbpfd.exec:\hbpfd.exe73⤵
-
\??\c:\xxhxnr.exec:\xxhxnr.exe74⤵
-
\??\c:\hjfjf.exec:\hjfjf.exe75⤵
-
\??\c:\dxnhh.exec:\dxnhh.exe76⤵
-
\??\c:\jfphx.exec:\jfphx.exe77⤵
-
\??\c:\nhjpj.exec:\nhjpj.exe78⤵
-
\??\c:\hjjrt.exec:\hjjrt.exe79⤵
-
\??\c:\prnpdn.exec:\prnpdn.exe80⤵
-
\??\c:\xtbhx.exec:\xtbhx.exe81⤵
-
\??\c:\pftvt.exec:\pftvt.exe82⤵
-
\??\c:\pxddjr.exec:\pxddjr.exe83⤵
-
\??\c:\jphvlb.exec:\jphvlb.exe84⤵
-
\??\c:\vhrfv.exec:\vhrfv.exe85⤵
-
\??\c:\fpfpp.exec:\fpfpp.exe86⤵
-
\??\c:\jlhxntl.exec:\jlhxntl.exe87⤵
-
\??\c:\fpjvb.exec:\fpjvb.exe88⤵
-
\??\c:\txjnhb.exec:\txjnhb.exe89⤵
-
\??\c:\vldvfnd.exec:\vldvfnd.exe90⤵
-
\??\c:\xllnf.exec:\xllnf.exe91⤵
-
\??\c:\blrhx.exec:\blrhx.exe92⤵
-
\??\c:\xjnxfv.exec:\xjnxfv.exe93⤵
-
\??\c:\rlhll.exec:\rlhll.exe94⤵
-
\??\c:\jhfjf.exec:\jhfjf.exe95⤵
-
\??\c:\jntbndp.exec:\jntbndp.exe96⤵
-
\??\c:\rxrdbn.exec:\rxrdbn.exe97⤵
-
\??\c:\vpnrfx.exec:\vpnrfx.exe98⤵
-
\??\c:\dhhhlt.exec:\dhhhlt.exe99⤵
-
\??\c:\vpbrtfn.exec:\vpbrtfn.exe100⤵
-
\??\c:\bptnvvn.exec:\bptnvvn.exe101⤵
-
\??\c:\jfvnbh.exec:\jfvnbh.exe102⤵
-
\??\c:\bxvrl.exec:\bxvrl.exe103⤵
-
\??\c:\nthtf.exec:\nthtf.exe104⤵
-
\??\c:\jvdlx.exec:\jvdlx.exe105⤵
-
\??\c:\hpjff.exec:\hpjff.exe106⤵
-
\??\c:\ddjxbhb.exec:\ddjxbhb.exe107⤵
-
\??\c:\vbvlvxx.exec:\vbvlvxx.exe108⤵
-
\??\c:\lntnpt.exec:\lntnpt.exe109⤵
-
\??\c:\ndtxnr.exec:\ndtxnr.exe110⤵
-
\??\c:\hbrblx.exec:\hbrblx.exe111⤵
-
\??\c:\xjdrxvb.exec:\xjdrxvb.exe112⤵
-
\??\c:\pdhtb.exec:\pdhtb.exe113⤵
-
\??\c:\ddxhdb.exec:\ddxhdb.exe114⤵
-
\??\c:\fxjfh.exec:\fxjfh.exe115⤵
-
\??\c:\tjttr.exec:\tjttr.exe116⤵
-
\??\c:\hhjplv.exec:\hhjplv.exe117⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\xpndjx.exec:\xpndjx.exe103⤵
-
-
-
-
-
-
\??\c:\vjfvhdn.exec:\vjfvhdn.exe99⤵
-
\??\c:\prdljdh.exec:\prdljdh.exe100⤵
-
\??\c:\hjtld.exec:\hjtld.exe101⤵
-
\??\c:\nxfpf.exec:\nxfpf.exe102⤵
-
\??\c:\fxhtth.exec:\fxhtth.exe103⤵
-
\??\c:\pjbhnx.exec:\pjbhnx.exe104⤵
-
\??\c:\rpvhf.exec:\rpvhf.exe105⤵
-
\??\c:\lpthv.exec:\lpthv.exe106⤵
-
\??\c:\nlxbn.exec:\nlxbn.exe107⤵
-
\??\c:\bprfx.exec:\bprfx.exe108⤵
-
\??\c:\xdvnr.exec:\xdvnr.exe109⤵
-
\??\c:\ltbphx.exec:\ltbphx.exe110⤵
-
\??\c:\ndhjfxv.exec:\ndhjfxv.exe111⤵
-
\??\c:\frdtr.exec:\frdtr.exe112⤵
-
\??\c:\rnfrnl.exec:\rnfrnl.exe113⤵
-
\??\c:\lnpnjbl.exec:\lnpnjbl.exe114⤵
-
\??\c:\dptnnrb.exec:\dptnnrb.exe115⤵
-
\??\c:\vxxtx.exec:\vxxtx.exe116⤵
-
\??\c:\jfnphdb.exec:\jfnphdb.exe117⤵
-
\??\c:\xdtbpxf.exec:\xdtbpxf.exe118⤵
-
\??\c:\jvjvfp.exec:\jvjvfp.exe119⤵
-
\??\c:\pvbxtx.exec:\pvbxtx.exe120⤵
-
\??\c:\tpvdxv.exec:\tpvdxv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-