Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
03-11-2023 11:07
General
-
Target
NEAS.cac4654b7b2fb859a726d248ebbe27c0.exe
-
Size
349KB
-
MD5
cac4654b7b2fb859a726d248ebbe27c0
-
SHA1
00a4a671c79293d953970788a578ee3a63a15254
-
SHA256
5838f9d113017e6395a82071e88c8473cca8e5f2e37d15e1a356d2b73e0d4e2b
-
SHA512
e002abac39a4581b580242eefeaf57aef14657723c5277d87af4529080a7fcbdd393bfc92f350be15243b9cd5bf069c093025b9770f10bb165fbdf8dbe02f0f9
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7N+8px72:n3C9uYA71kSMu08px72
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.cac4654b7b2fb859a726d248ebbe27c0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.cac4654b7b2fb859a726d248ebbe27c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ntrxd.exec:\ntrxd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxrxhd.exec:\jxrxhd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxxxp.exec:\hxxxp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrddt.exec:\lrddt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhhpjp.exec:\vhhpjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bndlhvj.exec:\bndlhvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrdfl.exec:\lxfrdfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxjtd.exec:\lxjtd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnldn.exec:\ntnldn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjhppjl.exec:\vjhppjl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxnhlp.exec:\vxnhlp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xljlv.exec:\xljlv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhdnrt.exec:\dhdnrt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvxvpj.exec:\nvxvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bltnh.exec:\bltnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvhtjht.exec:\nvhtjht.exe17⤵
- Executes dropped EXE
-
\??\c:\xrnlxn.exec:\xrnlxn.exe18⤵
- Executes dropped EXE
-
\??\c:\vfjpx.exec:\vfjpx.exe19⤵
- Executes dropped EXE
-
\??\c:\xjpjvt.exec:\xjpjvt.exe20⤵
- Executes dropped EXE
-
\??\c:\bbxxr.exec:\bbxxr.exe21⤵
- Executes dropped EXE
-
\??\c:\dnnxbb.exec:\dnnxbb.exe22⤵
- Executes dropped EXE
-
\??\c:\rdfrltb.exec:\rdfrltb.exe23⤵
- Executes dropped EXE
-
\??\c:\nlrxtxh.exec:\nlrxtxh.exe24⤵
- Executes dropped EXE
-
\??\c:\hprhj.exec:\hprhj.exe25⤵
- Executes dropped EXE
-
\??\c:\htljntr.exec:\htljntr.exe26⤵
- Executes dropped EXE
-
\??\c:\vfpddp.exec:\vfpddp.exe27⤵
- Executes dropped EXE
-
\??\c:\bhrfvh.exec:\bhrfvh.exe28⤵
- Executes dropped EXE
-
\??\c:\rxtpf.exec:\rxtpf.exe29⤵
- Executes dropped EXE
-
\??\c:\hphvv.exec:\hphvv.exe30⤵
- Executes dropped EXE
-
\??\c:\nvfxx.exec:\nvfxx.exe31⤵
- Executes dropped EXE
-
\??\c:\nptbpxf.exec:\nptbpxf.exe32⤵
- Executes dropped EXE
-
\??\c:\xlhpf.exec:\xlhpf.exe33⤵
- Executes dropped EXE
-
\??\c:\ltfdxdl.exec:\ltfdxdl.exe34⤵
- Executes dropped EXE
-
\??\c:\hrvrbvr.exec:\hrvrbvr.exe35⤵
- Executes dropped EXE
-
\??\c:\xbflbhn.exec:\xbflbhn.exe36⤵
- Executes dropped EXE
-
\??\c:\jfxjvj.exec:\jfxjvj.exe37⤵
- Executes dropped EXE
-
\??\c:\thbrjf.exec:\thbrjf.exe38⤵
- Executes dropped EXE
-
\??\c:\nrrvtt.exec:\nrrvtt.exe39⤵
- Executes dropped EXE
-
\??\c:\bbhpn.exec:\bbhpn.exe40⤵
- Executes dropped EXE
-
\??\c:\nxxnxjn.exec:\nxxnxjn.exe41⤵
- Executes dropped EXE
-
\??\c:\jdlpvp.exec:\jdlpvp.exe42⤵
- Executes dropped EXE
-
\??\c:\tdppjdx.exec:\tdppjdx.exe43⤵
- Executes dropped EXE
-
\??\c:\vhjtlff.exec:\vhjtlff.exe44⤵
- Executes dropped EXE
-
\??\c:\xhdnbbl.exec:\xhdnbbl.exe45⤵
- Executes dropped EXE
-
\??\c:\jfjbr.exec:\jfjbr.exe46⤵
- Executes dropped EXE
-
\??\c:\jxjlpvf.exec:\jxjlpvf.exe47⤵
- Executes dropped EXE
-
\??\c:\lltfxxj.exec:\lltfxxj.exe48⤵
- Executes dropped EXE
-
\??\c:\ntljvrv.exec:\ntljvrv.exe49⤵
- Executes dropped EXE
-
\??\c:\vrvrd.exec:\vrvrd.exe50⤵
- Executes dropped EXE
-
\??\c:\jhvbbll.exec:\jhvbbll.exe51⤵
- Executes dropped EXE
-
\??\c:\jlntjh.exec:\jlntjh.exe52⤵
- Executes dropped EXE
-
\??\c:\jrprxd.exec:\jrprxd.exe53⤵
- Executes dropped EXE
-
\??\c:\xppnpfx.exec:\xppnpfx.exe54⤵
- Executes dropped EXE
-
\??\c:\xrdlv.exec:\xrdlv.exe55⤵
- Executes dropped EXE
-
\??\c:\rhjxtll.exec:\rhjxtll.exe56⤵
- Executes dropped EXE
-
\??\c:\xdlbl.exec:\xdlbl.exe57⤵
- Executes dropped EXE
-
\??\c:\fjdrt.exec:\fjdrt.exe58⤵
- Executes dropped EXE
-
\??\c:\dpxfx.exec:\dpxfx.exe59⤵
- Executes dropped EXE
-
\??\c:\jdnhlbn.exec:\jdnhlbn.exe60⤵
- Executes dropped EXE
-
\??\c:\fljtf.exec:\fljtf.exe61⤵
- Executes dropped EXE
-
\??\c:\brdrxtf.exec:\brdrxtf.exe62⤵
- Executes dropped EXE
-
\??\c:\xlhnplv.exec:\xlhnplv.exe63⤵
- Executes dropped EXE
-
\??\c:\vrxflb.exec:\vrxflb.exe64⤵
- Executes dropped EXE
-
\??\c:\rrjxhxr.exec:\rrjxhxr.exe65⤵
- Executes dropped EXE
-
\??\c:\jxxbjl.exec:\jxxbjl.exe66⤵
-
\??\c:\nrntvb.exec:\nrntvb.exe67⤵
-
\??\c:\xxlplh.exec:\xxlplh.exe68⤵
-
\??\c:\nbhddvx.exec:\nbhddvx.exe69⤵
-
\??\c:\vtjrvpv.exec:\vtjrvpv.exe70⤵
-
\??\c:\hnttxh.exec:\hnttxh.exe71⤵
-
\??\c:\xhdjf.exec:\xhdjf.exe72⤵
-
\??\c:\lrvbrd.exec:\lrvbrd.exe73⤵
-
\??\c:\njfprrl.exec:\njfprrl.exe74⤵
-
\??\c:\hvvlrb.exec:\hvvlrb.exe75⤵
-
\??\c:\hntbtx.exec:\hntbtx.exe76⤵
-
\??\c:\jflpt.exec:\jflpt.exe77⤵
-
\??\c:\fntlrj.exec:\fntlrj.exe78⤵
-
\??\c:\rrlltjp.exec:\rrlltjp.exe79⤵
-
\??\c:\rntfl.exec:\rntfl.exe80⤵
-
\??\c:\tfdpr.exec:\tfdpr.exe81⤵
-
\??\c:\tjxtvvj.exec:\tjxtvvj.exe82⤵
-
\??\c:\jtlvfh.exec:\jtlvfh.exe83⤵
-
\??\c:\bdndj.exec:\bdndj.exe84⤵
-
\??\c:\rjjhf.exec:\rjjhf.exe85⤵
-
\??\c:\bnlfn.exec:\bnlfn.exe86⤵
-
\??\c:\hflxfv.exec:\hflxfv.exe87⤵
-
\??\c:\phxdjr.exec:\phxdjr.exe88⤵
-
\??\c:\pbrxlnv.exec:\pbrxlnv.exe89⤵
-
\??\c:\xtrvhx.exec:\xtrvhx.exe90⤵
-
\??\c:\dttth.exec:\dttth.exe91⤵
-
\??\c:\njvht.exec:\njvht.exe92⤵
-
\??\c:\jrntnv.exec:\jrntnv.exe93⤵
-
\??\c:\phjtf.exec:\phjtf.exe94⤵
-
\??\c:\bhtvp.exec:\bhtvp.exe95⤵
-
\??\c:\jbdtn.exec:\jbdtn.exe96⤵
-
\??\c:\ltdvxjx.exec:\ltdvxjx.exe97⤵
-
\??\c:\ndbjlth.exec:\ndbjlth.exe98⤵
-
\??\c:\thjbf.exec:\thjbf.exe99⤵
-
\??\c:\hvjnb.exec:\hvjnb.exe100⤵
-
\??\c:\dttxrf.exec:\dttxrf.exe101⤵
-
\??\c:\lrrddh.exec:\lrrddh.exe102⤵
-
\??\c:\xddvh.exec:\xddvh.exe103⤵
-
\??\c:\rlndbhb.exec:\rlndbhb.exe104⤵
-
\??\c:\xtvjx.exec:\xtvjx.exe105⤵
-
\??\c:\xbdbt.exec:\xbdbt.exe106⤵
-
\??\c:\nbhtxdd.exec:\nbhtxdd.exe107⤵
-
\??\c:\tbnhfb.exec:\tbnhfb.exe108⤵
-
\??\c:\tvxpv.exec:\tvxpv.exe109⤵
-
\??\c:\pnthx.exec:\pnthx.exe110⤵
-
\??\c:\ftfhxd.exec:\ftfhxd.exe111⤵
-
\??\c:\fpdrd.exec:\fpdrd.exe112⤵
-
\??\c:\nhjft.exec:\nhjft.exe113⤵
-
\??\c:\tfjjlj.exec:\tfjjlj.exe114⤵
-
\??\c:\bpvdjp.exec:\bpvdjp.exe115⤵
-
\??\c:\rhffvfn.exec:\rhffvfn.exe116⤵
-
\??\c:\jxtjlh.exec:\jxtjlh.exe117⤵
-
\??\c:\tlrdfxt.exec:\tlrdfxt.exe118⤵
-
\??\c:\dxrtpl.exec:\dxrtpl.exe119⤵
-
\??\c:\lfdtrh.exec:\lfdtrh.exe120⤵
-
\??\c:\hfxtnn.exec:\hfxtnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-