Analysis
-
max time kernel
158s -
max time network
170s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
21/10/2023, 21:29
General
-
Target
NEAS.b27b1f0ef472d169492ea1ed893b13a0.exe
-
Size
272KB
-
MD5
b27b1f0ef472d169492ea1ed893b13a0
-
SHA1
22a9745f3524ee0c7a839d9e3fcc3b6b13f27c2b
-
SHA256
81cbc66a383ec43b9229bfcfe86d30afac59fa61a4247349115d0ad64f24d7c9
-
SHA512
153605e4024d7dca00cf5c9b176599b8961db4623072c20d3aee410a9ad1a2fa066326598835a119c3f84c679326c1f5902878850801d3ceae15eaad892a0f93
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOFltH4t+IDvSXrh5g8hZQ:y4wFHoS3eFp3IDvSbh5nPQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b27b1f0ef472d169492ea1ed893b13a0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b27b1f0ef472d169492ea1ed893b13a0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\l78b8e.exec:\l78b8e.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v278v0.exec:\v278v0.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1e7kh1.exec:\1e7kh1.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tv7gvv.exec:\tv7gvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\826t5.exec:\826t5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a07oia7.exec:\a07oia7.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ios8o5r.exec:\ios8o5r.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aq1m5.exec:\aq1m5.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u7nl64.exec:\u7nl64.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ns63w4w.exec:\ns63w4w.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t1m6p.exec:\t1m6p.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\89f3j.exec:\89f3j.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x09aq68.exec:\x09aq68.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3f1nulo.exec:\3f1nulo.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ank6xck.exec:\ank6xck.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpja36.exec:\rpja36.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\16hwc.exec:\16hwc.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k34kil.exec:\k34kil.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bmm1u.exec:\bmm1u.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\96551.exec:\96551.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\59wfp.exec:\59wfp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5x1dv.exec:\5x1dv.exe23⤵
- Executes dropped EXE
-
\??\c:\k61tm.exec:\k61tm.exe24⤵
- Executes dropped EXE
-
\??\c:\x0s46.exec:\x0s46.exe25⤵
- Executes dropped EXE
-
\??\c:\8pcvf1.exec:\8pcvf1.exe26⤵
- Executes dropped EXE
-
\??\c:\1ggt70.exec:\1ggt70.exe27⤵
- Executes dropped EXE
-
\??\c:\7kc15i.exec:\7kc15i.exe28⤵
- Executes dropped EXE
-
\??\c:\o28950l.exec:\o28950l.exe29⤵
- Executes dropped EXE
-
\??\c:\v079d.exec:\v079d.exe30⤵
- Executes dropped EXE
-
\??\c:\4ma035.exec:\4ma035.exe31⤵
- Executes dropped EXE
-
\??\c:\741q3p.exec:\741q3p.exe32⤵
- Executes dropped EXE
-
\??\c:\90mt9s.exec:\90mt9s.exe33⤵
- Executes dropped EXE
-
\??\c:\64q96.exec:\64q96.exe34⤵
- Executes dropped EXE
-
\??\c:\sap29al.exec:\sap29al.exe35⤵
- Executes dropped EXE
-
\??\c:\10f4w0u.exec:\10f4w0u.exe36⤵
- Executes dropped EXE
-
\??\c:\kk594h.exec:\kk594h.exe37⤵
- Executes dropped EXE
-
\??\c:\46x7b7.exec:\46x7b7.exe38⤵
- Executes dropped EXE
-
\??\c:\io9g3e.exec:\io9g3e.exe39⤵
- Executes dropped EXE
-
\??\c:\l93l1p7.exec:\l93l1p7.exe40⤵
- Executes dropped EXE
-
\??\c:\p99ek.exec:\p99ek.exe41⤵
- Executes dropped EXE
-
\??\c:\n1sle.exec:\n1sle.exe42⤵
- Executes dropped EXE
-
\??\c:\ej0mo.exec:\ej0mo.exe43⤵
- Executes dropped EXE
-
\??\c:\uj4eu.exec:\uj4eu.exe44⤵
- Executes dropped EXE
-
\??\c:\b1gr335.exec:\b1gr335.exe45⤵
- Executes dropped EXE
-
\??\c:\s69s4xe.exec:\s69s4xe.exe46⤵
- Executes dropped EXE
-
\??\c:\to7295x.exec:\to7295x.exe47⤵
- Executes dropped EXE
-
\??\c:\f1jq9w3.exec:\f1jq9w3.exe48⤵
- Executes dropped EXE
-
\??\c:\02n36.exec:\02n36.exe49⤵
- Executes dropped EXE
-
\??\c:\349rdju.exec:\349rdju.exe50⤵
- Executes dropped EXE
-
\??\c:\oed430.exec:\oed430.exe51⤵
- Executes dropped EXE
-
\??\c:\md8e37.exec:\md8e37.exe52⤵
- Executes dropped EXE
-
\??\c:\95osm3k.exec:\95osm3k.exe53⤵
- Executes dropped EXE
-
\??\c:\3gx3r3.exec:\3gx3r3.exe54⤵
- Executes dropped EXE
-
\??\c:\2hc3ht.exec:\2hc3ht.exe55⤵
- Executes dropped EXE
-
\??\c:\00sgk6.exec:\00sgk6.exe56⤵
- Executes dropped EXE
-
\??\c:\68to82.exec:\68to82.exe57⤵
- Executes dropped EXE
-
\??\c:\q7q23a.exec:\q7q23a.exe58⤵
- Executes dropped EXE
-
\??\c:\q0841u2.exec:\q0841u2.exe59⤵
- Executes dropped EXE
-
\??\c:\oi37s5.exec:\oi37s5.exe60⤵
- Executes dropped EXE
-
\??\c:\qukrk.exec:\qukrk.exe61⤵
- Executes dropped EXE
-
\??\c:\2kq7i.exec:\2kq7i.exe62⤵
- Executes dropped EXE
-
\??\c:\pw2s95m.exec:\pw2s95m.exe63⤵
- Executes dropped EXE
-
\??\c:\fj8rxo.exec:\fj8rxo.exe64⤵
- Executes dropped EXE
-
\??\c:\aroog.exec:\aroog.exe65⤵
- Executes dropped EXE
-
\??\c:\1nu77c.exec:\1nu77c.exe66⤵
-
\??\c:\50ab8f.exec:\50ab8f.exe67⤵
-
\??\c:\0m7ix9c.exec:\0m7ix9c.exe68⤵
-
\??\c:\403q67d.exec:\403q67d.exe69⤵
-
\??\c:\75k79.exec:\75k79.exe70⤵
-
\??\c:\3x936.exec:\3x936.exe71⤵
-
\??\c:\wi9e7.exec:\wi9e7.exe72⤵
-
\??\c:\r89q8.exec:\r89q8.exe73⤵
-
\??\c:\ggf2g.exec:\ggf2g.exe74⤵
-
\??\c:\cm1mb.exec:\cm1mb.exe75⤵
-
\??\c:\pgas0.exec:\pgas0.exe76⤵
-
\??\c:\swwr51o.exec:\swwr51o.exe77⤵
-
\??\c:\0c7cv.exec:\0c7cv.exe78⤵
-
\??\c:\u790c0m.exec:\u790c0m.exe79⤵
-
\??\c:\qno3k.exec:\qno3k.exe80⤵
-
\??\c:\k5v0f1g.exec:\k5v0f1g.exe81⤵
-
\??\c:\9897v1.exec:\9897v1.exe82⤵
-
\??\c:\l4keco.exec:\l4keco.exe83⤵
-
\??\c:\9439fl.exec:\9439fl.exe84⤵
-
\??\c:\639x5n.exec:\639x5n.exe85⤵
-
\??\c:\k7cx89j.exec:\k7cx89j.exe86⤵
-
\??\c:\02413.exec:\02413.exe87⤵
-
\??\c:\0dqgh6.exec:\0dqgh6.exe88⤵
-
\??\c:\x3j19.exec:\x3j19.exe89⤵
-
\??\c:\e26hr48.exec:\e26hr48.exe90⤵
-
\??\c:\j053k81.exec:\j053k81.exe91⤵
-
\??\c:\d4hvcu4.exec:\d4hvcu4.exe92⤵
-
\??\c:\scd931.exec:\scd931.exe93⤵
-
\??\c:\p4emt7.exec:\p4emt7.exe94⤵
-
\??\c:\la25v.exec:\la25v.exe95⤵
-
\??\c:\939toe.exec:\939toe.exe96⤵
-
\??\c:\aoa3079.exec:\aoa3079.exe97⤵
-
\??\c:\j8g4r2r.exec:\j8g4r2r.exe98⤵
-
\??\c:\47ei2ax.exec:\47ei2ax.exe99⤵
-
\??\c:\0a3n94.exec:\0a3n94.exe100⤵
-
\??\c:\5bh64.exec:\5bh64.exe101⤵
-
\??\c:\5towc.exec:\5towc.exe102⤵
-
\??\c:\95lv64f.exec:\95lv64f.exe103⤵
-
\??\c:\2aukme.exec:\2aukme.exe104⤵
-
\??\c:\6gut2m7.exec:\6gut2m7.exe105⤵
-
\??\c:\ae4k13.exec:\ae4k13.exe106⤵
-
\??\c:\23asw.exec:\23asw.exe107⤵
-
\??\c:\so56m99.exec:\so56m99.exe108⤵
-
\??\c:\17ur0e.exec:\17ur0e.exe109⤵
-
\??\c:\iv00qk.exec:\iv00qk.exe110⤵
-
\??\c:\abg65.exec:\abg65.exe111⤵
-
\??\c:\w54k3.exec:\w54k3.exe112⤵
-
\??\c:\25s58h9.exec:\25s58h9.exe113⤵
-
\??\c:\f1gg5e.exec:\f1gg5e.exe114⤵
-
\??\c:\4x37e5.exec:\4x37e5.exe115⤵
-
\??\c:\h2e5sn1.exec:\h2e5sn1.exe116⤵
-
\??\c:\92xa3a.exec:\92xa3a.exe117⤵
-
\??\c:\p203rti.exec:\p203rti.exe118⤵
-
\??\c:\gpw4pm3.exec:\gpw4pm3.exe119⤵
-
\??\c:\x5cw79k.exec:\x5cw79k.exe120⤵
-
\??\c:\6okk8.exec:\6okk8.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-