Analysis
-
max time kernel
125s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
01/11/2023, 04:05
General
-
Target
NEAS.0b6ec5e9deeff0f8e65808356d3ed100.exe
-
Size
95KB
-
MD5
0b6ec5e9deeff0f8e65808356d3ed100
-
SHA1
e3516b99635c2932085d34e02a3075ffcda09515
-
SHA256
db7fbeb002f60dc35c7f2d2066e999e38656b5f6ff27e8d475c9963446758d8f
-
SHA512
64d4ff7c055501ea377411323227c40c71a06b4bc893d8ada85f8eb79a99a40a8383eff4d368a0107b28ea526511590f10ba0577e44ab824e31c1c6583f80753
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+mzv7oEzNmNMvS+:ymb3NkkiQ3mdBjF+3TYzvTK+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.0b6ec5e9deeff0f8e65808356d3ed100.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.0b6ec5e9deeff0f8e65808356d3ed100.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9d5qq7.exec:\9d5qq7.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\awd2i.exec:\awd2i.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0okww.exec:\0okww.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\295971.exec:\295971.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8s56c1.exec:\8s56c1.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t3soc.exec:\t3soc.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h1555kc.exec:\h1555kc.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fakqs.exec:\fakqs.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m9ud0qp.exec:\m9ud0qp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r6c81.exec:\r6c81.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\31h3mtv.exec:\31h3mtv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qu7s3w7.exec:\qu7s3w7.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pl2f7e.exec:\pl2f7e.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w79gk5.exec:\w79gk5.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\r52e9m.exec:\r52e9m.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6m711i.exec:\6m711i.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h96k4.exec:\h96k4.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\11esca.exec:\11esca.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\37l7111.exec:\37l7111.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8r6a318.exec:\8r6a318.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2f1l1.exec:\2f1l1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l3357.exec:\l3357.exe8⤵
- Executes dropped EXE
-
\??\c:\o43da.exec:\o43da.exe9⤵
- Executes dropped EXE
-
\??\c:\51559.exec:\51559.exe10⤵
- Executes dropped EXE
-
\??\c:\ag57153.exec:\ag57153.exe11⤵
- Executes dropped EXE
-
\??\c:\9512a95.exec:\9512a95.exe12⤵
- Executes dropped EXE
-
\??\c:\s7c0r4l.exec:\s7c0r4l.exe13⤵
- Executes dropped EXE
-
\??\c:\n1ed5.exec:\n1ed5.exe14⤵
- Executes dropped EXE
-
\??\c:\93wch50.exec:\93wch50.exe15⤵
- Executes dropped EXE
-
\??\c:\qd1k55.exec:\qd1k55.exe16⤵
- Executes dropped EXE
-
\??\c:\51571.exec:\51571.exe17⤵
- Executes dropped EXE
-
\??\c:\7971733.exec:\7971733.exe18⤵
- Executes dropped EXE
-
\??\c:\qe15al.exec:\qe15al.exe19⤵
- Executes dropped EXE
-
\??\c:\59aki.exec:\59aki.exe20⤵
- Executes dropped EXE
-
\??\c:\ql375oj.exec:\ql375oj.exe21⤵
- Executes dropped EXE
-
\??\c:\kcuoc.exec:\kcuoc.exe22⤵
- Executes dropped EXE
-
\??\c:\593mm.exec:\593mm.exe23⤵
- Executes dropped EXE
-
\??\c:\56k99e.exec:\56k99e.exe24⤵
- Executes dropped EXE
-
\??\c:\4g579u.exec:\4g579u.exe25⤵
- Executes dropped EXE
-
\??\c:\n2akooo.exec:\n2akooo.exe26⤵
- Executes dropped EXE
-
\??\c:\ne35a.exec:\ne35a.exe27⤵
- Executes dropped EXE
-
\??\c:\p0a38w.exec:\p0a38w.exe28⤵
- Executes dropped EXE
-
\??\c:\318uksq.exec:\318uksq.exe29⤵
- Executes dropped EXE
-
\??\c:\5j539.exec:\5j539.exe30⤵
- Executes dropped EXE
-
\??\c:\19lfpm.exec:\19lfpm.exe31⤵
- Executes dropped EXE
-
\??\c:\r9s7kp.exec:\r9s7kp.exe32⤵
- Executes dropped EXE
-
\??\c:\am6wa.exec:\am6wa.exe33⤵
- Executes dropped EXE
-
\??\c:\n1i7wl.exec:\n1i7wl.exe34⤵
-
\??\c:\493wf9.exec:\493wf9.exe35⤵
- Executes dropped EXE
-
\??\c:\qw71ox.exec:\qw71ox.exe36⤵
- Executes dropped EXE
-
\??\c:\2kt3a4u.exec:\2kt3a4u.exe37⤵
- Executes dropped EXE
-
\??\c:\16mb7q.exec:\16mb7q.exe38⤵
- Executes dropped EXE
-
\??\c:\couis.exec:\couis.exe39⤵
- Executes dropped EXE
-
\??\c:\5wh9599.exec:\5wh9599.exe40⤵
-
\??\c:\8gogecb.exec:\8gogecb.exe41⤵
- Executes dropped EXE
-
\??\c:\54ci1ag.exec:\54ci1ag.exe42⤵
- Executes dropped EXE
-
\??\c:\4qsjpvr.exec:\4qsjpvr.exe43⤵
- Executes dropped EXE
-
\??\c:\c717w.exec:\c717w.exe44⤵
- Executes dropped EXE
-
\??\c:\53111.exec:\53111.exe45⤵
- Executes dropped EXE
-
\??\c:\5iemu.exec:\5iemu.exe46⤵
- Executes dropped EXE
-
\??\c:\aiqswko.exec:\aiqswko.exe47⤵
- Executes dropped EXE
-
\??\c:\9993309.exec:\9993309.exe48⤵
- Executes dropped EXE
-
\??\c:\1570f.exec:\1570f.exe49⤵
- Executes dropped EXE
-
\??\c:\57us30c.exec:\57us30c.exe50⤵
- Executes dropped EXE
-
\??\c:\ch7919a.exec:\ch7919a.exe51⤵
-
\??\c:\i4tk70.exec:\i4tk70.exe52⤵
-
\??\c:\8x6r4q.exec:\8x6r4q.exe53⤵
-
\??\c:\19137.exec:\19137.exe54⤵
-
\??\c:\1775kq.exec:\1775kq.exe55⤵
-
\??\c:\395979.exec:\395979.exe56⤵
-
\??\c:\rb0i953.exec:\rb0i953.exe57⤵
-
\??\c:\v59i38.exec:\v59i38.exe58⤵
-
\??\c:\4k34s.exec:\4k34s.exe59⤵
-
\??\c:\i8b3e.exec:\i8b3e.exe60⤵
-
\??\c:\8qf2n5.exec:\8qf2n5.exe61⤵
-
\??\c:\v18w9.exec:\v18w9.exe62⤵
-
\??\c:\eq317uj.exec:\eq317uj.exe63⤵
-
\??\c:\3l5cuup.exec:\3l5cuup.exe64⤵
-
\??\c:\79qem.exec:\79qem.exe65⤵
-
\??\c:\q39a58.exec:\q39a58.exe66⤵
-
\??\c:\1u3tc16.exec:\1u3tc16.exe67⤵
-
\??\c:\86v177.exec:\86v177.exe68⤵
-
\??\c:\cc1595c.exec:\cc1595c.exe69⤵
-
\??\c:\2w530e.exec:\2w530e.exe70⤵
-
\??\c:\tn6a2s.exec:\tn6a2s.exe71⤵
-
\??\c:\55qa36.exec:\55qa36.exe72⤵
- Executes dropped EXE
-
\??\c:\6x7ms.exec:\6x7ms.exe73⤵
-
\??\c:\9f52m4.exec:\9f52m4.exe74⤵
-
\??\c:\sfkkq13.exec:\sfkkq13.exe75⤵
-
\??\c:\8asqq.exec:\8asqq.exe76⤵
-
\??\c:\did1a19.exec:\did1a19.exe77⤵
-
\??\c:\bw037.exec:\bw037.exe78⤵
- Executes dropped EXE
-
\??\c:\ke88015.exec:\ke88015.exe79⤵
-
\??\c:\mt51u.exec:\mt51u.exe80⤵
-
\??\c:\4a95u.exec:\4a95u.exe81⤵
-
\??\c:\gpoea.exec:\gpoea.exe82⤵
-
\??\c:\jum54.exec:\jum54.exe83⤵
-
\??\c:\nxul0ke.exec:\nxul0ke.exe84⤵
-
\??\c:\guakoo.exec:\guakoo.exe85⤵
-
\??\c:\8gr72s.exec:\8gr72s.exe86⤵
-
\??\c:\3ekimeq.exec:\3ekimeq.exe87⤵
-
\??\c:\dookr6.exec:\dookr6.exe88⤵
-
\??\c:\xmeue.exec:\xmeue.exe89⤵
-
\??\c:\6n4aww.exec:\6n4aww.exe90⤵
-
\??\c:\ie16wr7.exec:\ie16wr7.exe91⤵
-
\??\c:\26kw7q.exec:\26kw7q.exe92⤵
-
\??\c:\314l32g.exec:\314l32g.exe93⤵
-
\??\c:\55319.exec:\55319.exe94⤵
-
\??\c:\8q72eok.exec:\8q72eok.exe95⤵
-
\??\c:\739534l.exec:\739534l.exe96⤵
-
\??\c:\uk76f.exec:\uk76f.exe97⤵
-
\??\c:\9qv56j.exec:\9qv56j.exe98⤵
-
\??\c:\3h13mh7.exec:\3h13mh7.exe99⤵
-
\??\c:\60ckai.exec:\60ckai.exe100⤵
-
\??\c:\85359.exec:\85359.exe101⤵
-
\??\c:\9n13135.exec:\9n13135.exe102⤵
-
\??\c:\c1e975q.exec:\c1e975q.exe103⤵
-
\??\c:\5j195.exec:\5j195.exe104⤵
-
\??\c:\056e9.exec:\056e9.exe105⤵
-
\??\c:\132m9.exec:\132m9.exe106⤵
-
\??\c:\d1gceks.exec:\d1gceks.exe107⤵
-
\??\c:\0591rdw.exec:\0591rdw.exe108⤵
-
\??\c:\b2umcv.exec:\b2umcv.exe109⤵
-
\??\c:\si32l72.exec:\si32l72.exe110⤵
-
\??\c:\158ad14.exec:\158ad14.exe111⤵
-
\??\c:\f04aak.exec:\f04aak.exe112⤵
-
\??\c:\k5dulv.exec:\k5dulv.exe113⤵
-
\??\c:\rg59wx5.exec:\rg59wx5.exe114⤵
-
\??\c:\7ap1555.exec:\7ap1555.exe115⤵
-
\??\c:\aseus18.exec:\aseus18.exe116⤵
-
\??\c:\91ep7.exec:\91ep7.exe117⤵
-
\??\c:\cm66k9.exec:\cm66k9.exe118⤵
-
\??\c:\37uf1qq.exec:\37uf1qq.exe119⤵
-
\??\c:\s15rd.exec:\s15rd.exe120⤵
-
\??\c:\59sis.exec:\59sis.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-