Analysis
-
max time kernel
143s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
15/10/2023, 19:44
General
-
Target
bd4165b4c2a660c44d1da67be7f0afd0_exe32.exe
-
Size
52KB
-
MD5
bd4165b4c2a660c44d1da67be7f0afd0
-
SHA1
38bbf2e128256e9ee86fa1b94bdfa4df2ed234a3
-
SHA256
03ab9522cd2c5741aba7d81209ab743429790d2fbca4fe6de34563656558d706
-
SHA512
d5b327304267c948923a92d3ae7f5111ab8b3bf9ad6029d960538fdf89090936a7f86b1485ed9d3b1723442a370a9b031e0dbf9ceac3b695ee5b4c02af9f1395
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI58Ck:ymb3NkkiQ3mdBjFI3k
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd4165b4c2a660c44d1da67be7f0afd0_exe32.exe"C:\Users\Admin\AppData\Local\Temp\bd4165b4c2a660c44d1da67be7f0afd0_exe32.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dptfbb.exec:\dptfbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvllbj.exec:\pvllbj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhhrx.exec:\vhhrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vttfbp.exec:\vttfbp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdfxpjr.exec:\vdfxpjr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnblvh.exec:\tnblvh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhfld.exec:\rhfld.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlbvxb.exec:\tlbvxb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbxvr.exec:\rbxvr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhnlxbv.exec:\fhnlxbv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tffrhxr.exec:\tffrhxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdrjp.exec:\tdrjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pltrndt.exec:\pltrndt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpbbf.exec:\dddpbbf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdhlr.exec:\tdhlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpbbbpv.exec:\vpbbbpv.exe17⤵
- Executes dropped EXE
-
\??\c:\rxfdtpf.exec:\rxfdtpf.exe18⤵
- Executes dropped EXE
-
\??\c:\rhltxhl.exec:\rhltxhl.exe19⤵
- Executes dropped EXE
-
\??\c:\vvrhtnb.exec:\vvrhtnb.exe20⤵
- Executes dropped EXE
-
\??\c:\nhvln.exec:\nhvln.exe21⤵
- Executes dropped EXE
-
\??\c:\bnffl.exec:\bnffl.exe22⤵
- Executes dropped EXE
-
\??\c:\bnptj.exec:\bnptj.exe23⤵
- Executes dropped EXE
-
\??\c:\fxplv.exec:\fxplv.exe24⤵
- Executes dropped EXE
-
\??\c:\rdjfdd.exec:\rdjfdd.exe25⤵
- Executes dropped EXE
-
\??\c:\ttfbx.exec:\ttfbx.exe26⤵
- Executes dropped EXE
-
\??\c:\ltvffh.exec:\ltvffh.exe27⤵
- Executes dropped EXE
-
\??\c:\dptxvx.exec:\dptxvx.exe28⤵
- Executes dropped EXE
-
\??\c:\hvdnv.exec:\hvdnv.exe29⤵
- Executes dropped EXE
-
\??\c:\hntnvjt.exec:\hntnvjt.exe30⤵
- Executes dropped EXE
-
\??\c:\nfhbpfh.exec:\nfhbpfh.exe31⤵
- Executes dropped EXE
-
\??\c:\bdvvx.exec:\bdvvx.exe32⤵
- Executes dropped EXE
-
\??\c:\lfllvh.exec:\lfllvh.exe33⤵
- Executes dropped EXE
-
\??\c:\tltrd.exec:\tltrd.exe34⤵
- Executes dropped EXE
-
\??\c:\dnvbj.exec:\dnvbj.exe35⤵
- Executes dropped EXE
-
\??\c:\lrnjlx.exec:\lrnjlx.exe36⤵
- Executes dropped EXE
-
\??\c:\pfrfnt.exec:\pfrfnt.exe37⤵
- Executes dropped EXE
-
\??\c:\vxrnl.exec:\vxrnl.exe38⤵
- Executes dropped EXE
-
\??\c:\tvrffl.exec:\tvrffl.exe39⤵
- Executes dropped EXE
-
\??\c:\lnhtvf.exec:\lnhtvf.exe40⤵
- Executes dropped EXE
-
\??\c:\tlfpdtd.exec:\tlfpdtd.exe41⤵
- Executes dropped EXE
-
\??\c:\vrhtvnv.exec:\vrhtvnv.exe42⤵
- Executes dropped EXE
-
\??\c:\fftbblh.exec:\fftbblh.exe43⤵
- Executes dropped EXE
-
\??\c:\ttvfp.exec:\ttvfp.exe44⤵
- Executes dropped EXE
-
\??\c:\dprtdbv.exec:\dprtdbv.exe45⤵
- Executes dropped EXE
-
\??\c:\bbthd.exec:\bbthd.exe46⤵
- Executes dropped EXE
-
\??\c:\bbfjxpf.exec:\bbfjxpf.exe47⤵
- Executes dropped EXE
-
\??\c:\dnvthr.exec:\dnvthr.exe48⤵
- Executes dropped EXE
-
\??\c:\prrpd.exec:\prrpd.exe49⤵
- Executes dropped EXE
-
\??\c:\vtbltvx.exec:\vtbltvx.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjljdb.exec:\vpjljdb.exe51⤵
- Executes dropped EXE
-
\??\c:\xjtxn.exec:\xjtxn.exe52⤵
- Executes dropped EXE
-
\??\c:\hnrbtb.exec:\hnrbtb.exe53⤵
- Executes dropped EXE
-
\??\c:\fjbrff.exec:\fjbrff.exe54⤵
- Executes dropped EXE
-
\??\c:\lvbtt.exec:\lvbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\vxfrp.exec:\vxfrp.exe56⤵
- Executes dropped EXE
-
\??\c:\fvjthhj.exec:\fvjthhj.exe57⤵
- Executes dropped EXE
-
\??\c:\bvprxd.exec:\bvprxd.exe58⤵
- Executes dropped EXE
-
\??\c:\rfhlnhd.exec:\rfhlnhd.exe59⤵
- Executes dropped EXE
-
\??\c:\rfrhtr.exec:\rfrhtr.exe60⤵
- Executes dropped EXE
-
\??\c:\hvxlv.exec:\hvxlv.exe61⤵
- Executes dropped EXE
-
\??\c:\vppnt.exec:\vppnt.exe62⤵
- Executes dropped EXE
-
\??\c:\vhrnn.exec:\vhrnn.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhdvlb.exec:\tnhdvlb.exe64⤵
- Executes dropped EXE
-
\??\c:\fhbpbx.exec:\fhbpbx.exe65⤵
- Executes dropped EXE
-
\??\c:\tpxhx.exec:\tpxhx.exe66⤵
-
\??\c:\nvjdlt.exec:\nvjdlt.exe67⤵
-
\??\c:\xppnnt.exec:\xppnnt.exe68⤵
-
\??\c:\rftrph.exec:\rftrph.exe69⤵
-
\??\c:\hdnhbn.exec:\hdnhbn.exe70⤵
-
\??\c:\jdjbv.exec:\jdjbv.exe71⤵
-
\??\c:\tvplvj.exec:\tvplvj.exe72⤵
-
\??\c:\pvxvndf.exec:\pvxvndf.exe73⤵
-
\??\c:\jvfbldt.exec:\jvfbldt.exe74⤵
-
\??\c:\vtlxnx.exec:\vtlxnx.exe75⤵
-
\??\c:\lnhlbd.exec:\lnhlbd.exe76⤵
-
\??\c:\ftnhhx.exec:\ftnhhx.exe77⤵
-
\??\c:\nvxftpr.exec:\nvxftpr.exe78⤵
-
\??\c:\fvrth.exec:\fvrth.exe79⤵
-
\??\c:\dttjnrx.exec:\dttjnrx.exe80⤵
-
\??\c:\rfttt.exec:\rfttt.exe81⤵
-
\??\c:\nxdxh.exec:\nxdxh.exe82⤵
-
\??\c:\ftnhtj.exec:\ftnhtj.exe83⤵
-
\??\c:\jlpdnjn.exec:\jlpdnjn.exe84⤵
-
\??\c:\vtvpfnf.exec:\vtvpfnf.exe85⤵
-
\??\c:\rbdjx.exec:\rbdjx.exe86⤵
-
\??\c:\vjtth.exec:\vjtth.exe87⤵
-
\??\c:\tpnvdt.exec:\tpnvdt.exe88⤵
-
\??\c:\njvrlj.exec:\njvrlj.exe89⤵
-
\??\c:\hrlxvb.exec:\hrlxvb.exe90⤵
-
\??\c:\xddpd.exec:\xddpd.exe91⤵
-
\??\c:\vvllnjx.exec:\vvllnjx.exe92⤵
-
\??\c:\ttjblfx.exec:\ttjblfx.exe93⤵
-
\??\c:\xxbjfn.exec:\xxbjfn.exe94⤵
-
\??\c:\xpnlb.exec:\xpnlb.exe95⤵
-
\??\c:\hnvddp.exec:\hnvddp.exe96⤵
-
\??\c:\htthdjt.exec:\htthdjt.exe97⤵
-
\??\c:\dnnltv.exec:\dnnltv.exe98⤵
-
\??\c:\vhthn.exec:\vhthn.exe99⤵
-
\??\c:\tbppjb.exec:\tbppjb.exe100⤵
-
\??\c:\nddntdn.exec:\nddntdn.exe101⤵
-
\??\c:\flbrrbb.exec:\flbrrbb.exe102⤵
-
\??\c:\fhtlpp.exec:\fhtlpp.exe103⤵
-
\??\c:\bnvfbdn.exec:\bnvfbdn.exe104⤵
-
\??\c:\rjlxhfp.exec:\rjlxhfp.exe105⤵
-
\??\c:\ntfpvhb.exec:\ntfpvhb.exe106⤵
-
\??\c:\nrbhtjl.exec:\nrbhtjl.exe107⤵
-
\??\c:\fxjbvd.exec:\fxjbvd.exe108⤵
-
\??\c:\pjnpf.exec:\pjnpf.exe109⤵
-
\??\c:\dtdnx.exec:\dtdnx.exe110⤵
-
\??\c:\dlfltl.exec:\dlfltl.exe111⤵
-
\??\c:\tdjltnf.exec:\tdjltnf.exe112⤵
-
\??\c:\jjjvjn.exec:\jjjvjn.exe113⤵
-
\??\c:\dvnbftx.exec:\dvnbftx.exe114⤵
-
\??\c:\dhhvd.exec:\dhhvd.exe115⤵
-
\??\c:\nnljh.exec:\nnljh.exe116⤵
-
\??\c:\pbnpjrp.exec:\pbnpjrp.exe117⤵
-
\??\c:\fntxd.exec:\fntxd.exe118⤵
-
\??\c:\ddjtxlt.exec:\ddjtxlt.exe119⤵
-
\??\c:\lbfdxh.exec:\lbfdxh.exe120⤵
-
\??\c:\vhlltxl.exec:\vhlltxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-