Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16-10-2023 18:29
General
-
Target
NEAS.957be433c06aab6ca2ed88281a012880.exe
-
Size
89KB
-
MD5
957be433c06aab6ca2ed88281a012880
-
SHA1
41e4d925a484f23412f01f2a946839c23e95c59d
-
SHA256
1bc180dde8d5627af56915b17c86f45682748eafc5c68ac756eb89e73d7d74a1
-
SHA512
7964edb206fb75c2919d474b27c56d5401faefe990161de8372d6d8b62f6119939d27948556d5405cac59eea805aa1ea3b577e59d0467f7b4d81ad8dd09dcc7b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxE6vr/mAt:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+bQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.957be433c06aab6ca2ed88281a012880.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.957be433c06aab6ca2ed88281a012880.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhdfnt.exec:\tnhdfnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlddhlh.exec:\tlddhlh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrbjndd.exec:\xrbjndd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nrvdplx.exec:\nrvdplx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbljx.exec:\fbljx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbvtj.exec:\nbvtj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbppj.exec:\bbppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttppffp.exec:\ttppffp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxddvpv.exec:\hxddvpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
\??\c:\xvfvdhx.exec:\xvfvdhx.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjnpjv.exec:\hjnpjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xndfdbr.exec:\xndfdbr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftlfh.exec:\ftlfh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nrjdr.exec:\nrjdr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvlnnx.exec:\nvlnnx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjhhpbf.exec:\hjhhpbf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flhrfn.exec:\flhrfn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnd.exec:\nntnd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prljxfb.exec:\prljxfb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trxrj.exec:\trxrj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrjjf.exec:\lrjjf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxjhr.exec:\xxjhr.exe13⤵
- Executes dropped EXE
-
\??\c:\hllxb.exec:\hllxb.exe14⤵
- Executes dropped EXE
-
\??\c:\jpvlnvh.exec:\jpvlnvh.exe15⤵
- Executes dropped EXE
-
\??\c:\hvprr.exec:\hvprr.exe16⤵
- Executes dropped EXE
-
\??\c:\bvptprl.exec:\bvptprl.exe17⤵
- Executes dropped EXE
-
\??\c:\rvbfbf.exec:\rvbfbf.exe18⤵
- Executes dropped EXE
-
\??\c:\hdrvhn.exec:\hdrvhn.exe19⤵
- Executes dropped EXE
-
\??\c:\dhxxtbp.exec:\dhxxtbp.exe20⤵
- Executes dropped EXE
-
\??\c:\hpjftd.exec:\hpjftd.exe21⤵
- Executes dropped EXE
-
\??\c:\llntd.exec:\llntd.exe22⤵
- Executes dropped EXE
-
\??\c:\frxhxl.exec:\frxhxl.exe23⤵
- Executes dropped EXE
-
\??\c:\jnbdppf.exec:\jnbdppf.exe24⤵
- Executes dropped EXE
-
\??\c:\vxtpj.exec:\vxtpj.exe25⤵
- Executes dropped EXE
-
\??\c:\bffvblp.exec:\bffvblp.exe26⤵
- Executes dropped EXE
-
\??\c:\dfxttvt.exec:\dfxttvt.exe27⤵
- Executes dropped EXE
-
\??\c:\bhpjdhv.exec:\bhpjdhv.exe28⤵
- Executes dropped EXE
-
\??\c:\xdjrpvt.exec:\xdjrpvt.exe29⤵
- Executes dropped EXE
-
\??\c:\txxvdxr.exec:\txxvdxr.exe30⤵
- Executes dropped EXE
-
\??\c:\fnrxbln.exec:\fnrxbln.exe31⤵
- Executes dropped EXE
-
\??\c:\rnbfjbj.exec:\rnbfjbj.exe32⤵
- Executes dropped EXE
-
\??\c:\nrrlf.exec:\nrrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\brvtpx.exec:\brvtpx.exe34⤵
- Executes dropped EXE
-
\??\c:\bjnvx.exec:\bjnvx.exe35⤵
- Executes dropped EXE
-
\??\c:\dfbxrrn.exec:\dfbxrrn.exe36⤵
- Executes dropped EXE
-
\??\c:\hxnddjd.exec:\hxnddjd.exe37⤵
- Executes dropped EXE
-
\??\c:\bffpn.exec:\bffpn.exe38⤵
- Executes dropped EXE
-
\??\c:\ljrhjjn.exec:\ljrhjjn.exe39⤵
- Executes dropped EXE
-
\??\c:\nbhdfjt.exec:\nbhdfjt.exe40⤵
- Executes dropped EXE
-
\??\c:\ppndxjt.exec:\ppndxjt.exe41⤵
- Executes dropped EXE
-
\??\c:\xxtbn.exec:\xxtbn.exe42⤵
- Executes dropped EXE
-
\??\c:\xrxrbbv.exec:\xrxrbbv.exe43⤵
- Executes dropped EXE
-
\??\c:\nfffr.exec:\nfffr.exe44⤵
- Executes dropped EXE
-
\??\c:\tdvrfl.exec:\tdvrfl.exe45⤵
- Executes dropped EXE
-
\??\c:\fbftld.exec:\fbftld.exe46⤵
- Executes dropped EXE
-
\??\c:\dfntlfj.exec:\dfntlfj.exe47⤵
- Executes dropped EXE
-
\??\c:\rjlnxpn.exec:\rjlnxpn.exe48⤵
- Executes dropped EXE
-
\??\c:\npvtpbf.exec:\npvtpbf.exe49⤵
- Executes dropped EXE
-
\??\c:\lntlljj.exec:\lntlljj.exe50⤵
- Executes dropped EXE
-
\??\c:\brlth.exec:\brlth.exe51⤵
- Executes dropped EXE
-
\??\c:\pbrlhhr.exec:\pbrlhhr.exe52⤵
- Executes dropped EXE
-
\??\c:\lldffv.exec:\lldffv.exe53⤵
- Executes dropped EXE
-
\??\c:\bpvvr.exec:\bpvvr.exe54⤵
- Executes dropped EXE
-
\??\c:\lltjhj.exec:\lltjhj.exe55⤵
- Executes dropped EXE
-
\??\c:\btrrtt.exec:\btrrtt.exe56⤵
-
\??\c:\fthftl.exec:\fthftl.exe57⤵
-
\??\c:\njhtb.exec:\njhtb.exe58⤵
-
\??\c:\vjrlfdj.exec:\vjrlfdj.exe59⤵
-
\??\c:\bvtnr.exec:\bvtnr.exe60⤵
-
\??\c:\lxvhb.exec:\lxvhb.exe61⤵
-
\??\c:\njvth.exec:\njvth.exe62⤵
-
\??\c:\trtttbj.exec:\trtttbj.exe63⤵
-
\??\c:\hrhrlt.exec:\hrhrlt.exe64⤵
-
\??\c:\tvjbp.exec:\tvjbp.exe65⤵
-
\??\c:\hfjtn.exec:\hfjtn.exe66⤵
-
\??\c:\xxvthph.exec:\xxvthph.exe67⤵
-
\??\c:\rrjvjf.exec:\rrjvjf.exe68⤵
-
\??\c:\xffdht.exec:\xffdht.exe69⤵
-
\??\c:\vrnvv.exec:\vrnvv.exe70⤵
-
\??\c:\vbrvnn.exec:\vbrvnn.exe71⤵
-
\??\c:\nndrjn.exec:\nndrjn.exe72⤵
-
\??\c:\jvttn.exec:\jvttn.exe73⤵
-
\??\c:\jlrpxtt.exec:\jlrpxtt.exe74⤵
-
\??\c:\lfrdnfv.exec:\lfrdnfv.exe75⤵
-
\??\c:\lbrrj.exec:\lbrrj.exe76⤵
-
\??\c:\hprjp.exec:\hprjp.exe77⤵
-
\??\c:\pnfrx.exec:\pnfrx.exe78⤵
-
\??\c:\fpxlh.exec:\fpxlh.exe79⤵
-
\??\c:\nddrj.exec:\nddrj.exe80⤵
-
\??\c:\ddjtrr.exec:\ddjtrr.exe81⤵
-
\??\c:\ntpprtl.exec:\ntpprtl.exe82⤵
-
\??\c:\lnxjf.exec:\lnxjf.exe83⤵
-
\??\c:\nnhdf.exec:\nnhdf.exe84⤵
-
\??\c:\rxvvr.exec:\rxvvr.exe85⤵
-
\??\c:\xlfjbhf.exec:\xlfjbhf.exe86⤵
-
\??\c:\bfnnvnv.exec:\bfnnvnv.exe87⤵
-
\??\c:\txxffb.exec:\txxffb.exe88⤵
-
\??\c:\vfhfdx.exec:\vfhfdx.exe89⤵
-
\??\c:\ffhlfbp.exec:\ffhlfbp.exe90⤵
-
\??\c:\ldvdfpr.exec:\ldvdfpr.exe91⤵
-
\??\c:\ljdfv.exec:\ljdfv.exe92⤵
-
\??\c:\rtbvl.exec:\rtbvl.exe93⤵
-
\??\c:\dxxpnnt.exec:\dxxpnnt.exe94⤵
-
\??\c:\jxbrb.exec:\jxbrb.exe95⤵
-
\??\c:\vpjlxx.exec:\vpjlxx.exe96⤵
-
\??\c:\ttvrh.exec:\ttvrh.exe97⤵
-
\??\c:\vtxhb.exec:\vtxhb.exe98⤵
-
\??\c:\rvxff.exec:\rvxff.exe99⤵
-
\??\c:\vfvvh.exec:\vfvvh.exe100⤵
-
\??\c:\bjlrjhp.exec:\bjlrjhp.exe101⤵
-
\??\c:\jtnftt.exec:\jtnftt.exe102⤵
-
\??\c:\btjbtb.exec:\btjbtb.exe103⤵
-
\??\c:\xnjxplr.exec:\xnjxplr.exe104⤵
-
\??\c:\vvnlr.exec:\vvnlr.exe105⤵
-
\??\c:\rvvrljp.exec:\rvvrljp.exe106⤵
-
\??\c:\plhdlhn.exec:\plhdlhn.exe107⤵
-
\??\c:\rnphxpn.exec:\rnphxpn.exe108⤵
-
\??\c:\rjvnf.exec:\rjvnf.exe109⤵
-
\??\c:\bdlfn.exec:\bdlfn.exe110⤵
-
\??\c:\vpjxlff.exec:\vpjxlff.exe111⤵
-
\??\c:\dhthhv.exec:\dhthhv.exe112⤵
-
\??\c:\xdfhj.exec:\xdfhj.exe113⤵
-
\??\c:\fjnnj.exec:\fjnnj.exe114⤵
-
\??\c:\bbxjr.exec:\bbxjr.exe115⤵
-
\??\c:\bjxrdb.exec:\bjxrdb.exe116⤵
-
\??\c:\hxxpxjr.exec:\hxxpxjr.exe117⤵
-
\??\c:\hhltdb.exec:\hhltdb.exe118⤵
-
\??\c:\vvpxvfv.exec:\vvpxvfv.exe119⤵
-
\??\c:\nxdxhd.exec:\nxdxhd.exe120⤵
-
\??\c:\vjdbn.exec:\vjdbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-