Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
31-10-2023 21:27
General
-
Target
NEAS.e5d76daead20c846bdc2f0671ae2bdd0_JC.exe
-
Size
407KB
-
MD5
e5d76daead20c846bdc2f0671ae2bdd0
-
SHA1
14a09f68099181e614dcde57bbc4cbe75569ab16
-
SHA256
794e24350dff4477052fa9d0fe1e5547bbcdc4e3c5aba7e83100ff0dfb60211c
-
SHA512
6cec6678fc222c2582dd51c6907a0c6111aeb783aa16b7bc29ea2c04cd4b5bbb4695a9556aaee37e40984f7fc0c73afc36ac3ac8a249df16446dd90d4f664f4f
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx9FK:n3C9yMo+S0L9xRnoq7H9FK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.e5d76daead20c846bdc2f0671ae2bdd0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.e5d76daead20c846bdc2f0671ae2bdd0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frnxfbh.exec:\frnxfbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbjxfn.exec:\rbjxfn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhvpj.exec:\bhhhvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbvlr.exec:\bbvlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htvrxpl.exec:\htvrxpl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbxpbjh.exec:\rbxpbjh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bblnbr.exec:\bblnbr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnptlt.exec:\pnptlt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjnbntr.exec:\tjnbntr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnvrn.exec:\dnvrn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fpvrf.exec:\fpvrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvrhjbv.exec:\bvrhjbv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdfhrj.exec:\hdfhrj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvxpltt.exec:\jvxpltt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npjxhrh.exec:\npjxhrh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrdr.exec:\frrdr.exe17⤵
- Executes dropped EXE
-
\??\c:\dhdlprb.exec:\dhdlprb.exe18⤵
- Executes dropped EXE
-
\??\c:\hnfljp.exec:\hnfljp.exe19⤵
- Executes dropped EXE
-
\??\c:\vrlpl.exec:\vrlpl.exe20⤵
- Executes dropped EXE
-
\??\c:\fdbjrl.exec:\fdbjrl.exe21⤵
- Executes dropped EXE
-
\??\c:\hhlnj.exec:\hhlnj.exe22⤵
- Executes dropped EXE
-
\??\c:\dljjprd.exec:\dljjprd.exe23⤵
- Executes dropped EXE
-
\??\c:\bljpb.exec:\bljpb.exe24⤵
- Executes dropped EXE
-
\??\c:\fbbljpv.exec:\fbbljpv.exe25⤵
- Executes dropped EXE
-
\??\c:\vdpnv.exec:\vdpnv.exe26⤵
- Executes dropped EXE
-
\??\c:\bfrhrx.exec:\bfrhrx.exe27⤵
- Executes dropped EXE
-
\??\c:\tplrb.exec:\tplrb.exe28⤵
- Executes dropped EXE
-
\??\c:\njhdh.exec:\njhdh.exe29⤵
- Executes dropped EXE
-
\??\c:\dxlpdv.exec:\dxlpdv.exe30⤵
- Executes dropped EXE
-
\??\c:\vjdprvx.exec:\vjdprvx.exe31⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\hbnvh.exec:\hbnvh.exe1⤵
- Executes dropped EXE
-
\??\c:\bntbhv.exec:\bntbhv.exe2⤵
- Executes dropped EXE
-
\??\c:\hvldbjb.exec:\hvldbjb.exe3⤵
- Executes dropped EXE
-
\??\c:\fnvddnp.exec:\fnvddnp.exe4⤵
- Executes dropped EXE
-
\??\c:\tbvhp.exec:\tbvhp.exe5⤵
- Executes dropped EXE
-
\??\c:\pnjpbbb.exec:\pnjpbbb.exe6⤵
- Executes dropped EXE
-
\??\c:\jnhdpb.exec:\jnhdpb.exe7⤵
- Executes dropped EXE
-
\??\c:\ltlvh.exec:\ltlvh.exe8⤵
- Executes dropped EXE
-
\??\c:\jlflnjj.exec:\jlflnjj.exe9⤵
- Executes dropped EXE
-
\??\c:\vdvrl.exec:\vdvrl.exe10⤵
- Executes dropped EXE
-
\??\c:\bdvxf.exec:\bdvxf.exe11⤵
- Executes dropped EXE
-
\??\c:\bdlvpjr.exec:\bdlvpjr.exe12⤵
- Executes dropped EXE
-
\??\c:\fbbjlrn.exec:\fbbjlrn.exe13⤵
- Executes dropped EXE
-
\??\c:\rvjhhbh.exec:\rvjhhbh.exe14⤵
- Executes dropped EXE
-
\??\c:\nxhrff.exec:\nxhrff.exe15⤵
- Executes dropped EXE
-
\??\c:\bvpblt.exec:\bvpblt.exe16⤵
- Executes dropped EXE
-
\??\c:\djffn.exec:\djffn.exe17⤵
- Executes dropped EXE
-
\??\c:\drvhh.exec:\drvhh.exe18⤵
- Executes dropped EXE
-
\??\c:\plnjppx.exec:\plnjppx.exe19⤵
- Executes dropped EXE
-
\??\c:\ldbrvtv.exec:\ldbrvtv.exe20⤵
- Executes dropped EXE
-
\??\c:\vrjdthl.exec:\vrjdthl.exe21⤵
- Executes dropped EXE
-
\??\c:\btvtv.exec:\btvtv.exe22⤵
- Executes dropped EXE
-
\??\c:\bjhnxjx.exec:\bjhnxjx.exe23⤵
- Executes dropped EXE
-
\??\c:\trbxhhj.exec:\trbxhhj.exe24⤵
- Executes dropped EXE
-
\??\c:\jrpbxd.exec:\jrpbxd.exe25⤵
- Executes dropped EXE
-
\??\c:\hrrjp.exec:\hrrjp.exe26⤵
- Executes dropped EXE
-
\??\c:\fnjjn.exec:\fnjjn.exe27⤵
- Executes dropped EXE
-
\??\c:\btpxbl.exec:\btpxbl.exe28⤵
- Executes dropped EXE
-
\??\c:\rbpvfr.exec:\rbpvfr.exe29⤵
- Executes dropped EXE
-
\??\c:\njjdx.exec:\njjdx.exe30⤵
- Executes dropped EXE
-
\??\c:\pjhjbn.exec:\pjhjbn.exe31⤵
- Executes dropped EXE
-
\??\c:\ljhfxnh.exec:\ljhfxnh.exe32⤵
- Executes dropped EXE
-
\??\c:\trvxxhn.exec:\trvxxhn.exe33⤵
- Executes dropped EXE
-
\??\c:\pbbbbh.exec:\pbbbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\tdrxx.exec:\tdrxx.exe35⤵
-
\??\c:\bnbdpxt.exec:\bnbdpxt.exe36⤵
-
\??\c:\prhfpnx.exec:\prhfpnx.exe37⤵
-
\??\c:\phhhph.exec:\phhhph.exe38⤵
-
\??\c:\nnnfd.exec:\nnnfd.exe39⤵
-
\??\c:\dfjnpd.exec:\dfjnpd.exe40⤵
-
\??\c:\rttplr.exec:\rttplr.exe41⤵
-
\??\c:\nnlhpfb.exec:\nnlhpfb.exe42⤵
-
\??\c:\pfvjr.exec:\pfvjr.exe43⤵
-
\??\c:\nnrnfxf.exec:\nnrnfxf.exe44⤵
-
\??\c:\hppfd.exec:\hppfd.exe45⤵
-
\??\c:\lxblbnt.exec:\lxblbnt.exe46⤵
-
\??\c:\vtpbb.exec:\vtpbb.exe47⤵
-
\??\c:\xhtdp.exec:\xhtdp.exe48⤵
-
\??\c:\ndndn.exec:\ndndn.exe49⤵
-
\??\c:\hrbbphb.exec:\hrbbphb.exe50⤵
-
\??\c:\lvrjxvp.exec:\lvrjxvp.exe51⤵
-
\??\c:\btbrf.exec:\btbrf.exe52⤵
-
\??\c:\vjdjrv.exec:\vjdjrv.exe53⤵
-
\??\c:\tbttbrd.exec:\tbttbrd.exe54⤵
-
\??\c:\fhlpl.exec:\fhlpl.exe55⤵
-
\??\c:\npdnj.exec:\npdnj.exe56⤵
-
\??\c:\bdlvndx.exec:\bdlvndx.exe57⤵
-
\??\c:\bptbb.exec:\bptbb.exe58⤵
-
\??\c:\btjrrh.exec:\btjrrh.exe59⤵
-
\??\c:\bxpnhl.exec:\bxpnhl.exe60⤵
-
\??\c:\bfjbfh.exec:\bfjbfh.exe61⤵
-
\??\c:\pjjbnr.exec:\pjjbnr.exe62⤵
-
\??\c:\xrppdlf.exec:\xrppdlf.exe63⤵
-
\??\c:\lfhxv.exec:\lfhxv.exe64⤵
-
\??\c:\trlbrxh.exec:\trlbrxh.exe65⤵
-
\??\c:\vdrbd.exec:\vdrbd.exe66⤵
-
\??\c:\vlfjt.exec:\vlfjt.exe67⤵
-
\??\c:\hdhfrx.exec:\hdhfrx.exe68⤵
-
\??\c:\btbxl.exec:\btbxl.exe69⤵
-
\??\c:\tljfr.exec:\tljfr.exe70⤵
-
\??\c:\blrfp.exec:\blrfp.exe71⤵
-
\??\c:\rfdnrjj.exec:\rfdnrjj.exe72⤵
-
\??\c:\hvvjtrn.exec:\hvvjtrn.exe73⤵
-
\??\c:\ntxprjp.exec:\ntxprjp.exe74⤵
-
\??\c:\ljhht.exec:\ljhht.exe75⤵
-
\??\c:\brhjb.exec:\brhjb.exe76⤵
-
\??\c:\hjfxtht.exec:\hjfxtht.exe77⤵
-
\??\c:\jlndd.exec:\jlndd.exe78⤵
-
\??\c:\bxjvjxt.exec:\bxjvjxt.exe79⤵
-
\??\c:\ndpprvn.exec:\ndpprvn.exe80⤵
-
\??\c:\dvhppn.exec:\dvhppn.exe81⤵
-
\??\c:\jvjnb.exec:\jvjnb.exe82⤵
-
\??\c:\hblltrd.exec:\hblltrd.exe83⤵
-
\??\c:\xtdnbnn.exec:\xtdnbnn.exe84⤵
-
\??\c:\fxfrxb.exec:\fxfrxb.exe85⤵
-
\??\c:\vblxnl.exec:\vblxnl.exe86⤵
-
\??\c:\vnjjh.exec:\vnjjh.exe87⤵
-
\??\c:\pvvbpb.exec:\pvvbpb.exe88⤵
-
\??\c:\dptndvx.exec:\dptndvx.exe89⤵
-
\??\c:\ptjjhn.exec:\ptjjhn.exe90⤵
-
\??\c:\jprvxp.exec:\jprvxp.exe91⤵
-
\??\c:\jjvhfjb.exec:\jjvhfjb.exe92⤵
-
\??\c:\lrhjlr.exec:\lrhjlr.exe93⤵
-
\??\c:\rfpttbd.exec:\rfpttbd.exe94⤵
-
\??\c:\lpbfrfp.exec:\lpbfrfp.exe95⤵
-
\??\c:\djhvvvp.exec:\djhvvvp.exe96⤵
-
\??\c:\vrdnd.exec:\vrdnd.exe97⤵
-
\??\c:\vdjhjh.exec:\vdjhjh.exe98⤵
-
\??\c:\bjbprnt.exec:\bjbprnt.exe99⤵
-
\??\c:\trvxlf.exec:\trvxlf.exe100⤵
-
\??\c:\hpfxb.exec:\hpfxb.exe101⤵
-
\??\c:\nxhfdn.exec:\nxhfdn.exe102⤵
-
\??\c:\nrpnhlj.exec:\nrpnhlj.exe103⤵
-
\??\c:\nrjlb.exec:\nrjlb.exe104⤵
-
\??\c:\lvpvjvt.exec:\lvpvjvt.exe105⤵
-
\??\c:\tffbbtp.exec:\tffbbtp.exe106⤵
-
\??\c:\rjdtbv.exec:\rjdtbv.exe107⤵
-
\??\c:\tjbhp.exec:\tjbhp.exe108⤵
-
\??\c:\fpbth.exec:\fpbth.exe109⤵
-
\??\c:\fphbhnd.exec:\fphbhnd.exe110⤵
-
\??\c:\tvjjbrr.exec:\tvjjbrr.exe111⤵
-
\??\c:\xdhhdvt.exec:\xdhhdvt.exe112⤵
-
\??\c:\rjfbl.exec:\rjfbl.exe113⤵
-
\??\c:\jrbndrr.exec:\jrbndrr.exe114⤵
-
\??\c:\tdrhfrf.exec:\tdrhfrf.exe115⤵
-
\??\c:\jxbnxj.exec:\jxbnxj.exe116⤵
-
\??\c:\xbnvvv.exec:\xbnvvv.exe117⤵
-
\??\c:\dvfrlj.exec:\dvfrlj.exe118⤵
-
\??\c:\rvnlxh.exec:\rvnlxh.exe119⤵
-
\??\c:\fjxbpd.exec:\fjxbpd.exe120⤵
-
\??\c:\hfdhbh.exec:\hfdhbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-