Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
12/11/2023, 22:16
General
-
Target
NEAS.6bef9eaf6e09895fb04758f9588fa230.exe
-
Size
128KB
-
MD5
6bef9eaf6e09895fb04758f9588fa230
-
SHA1
742092675309e1136ab0a478374e980f1149f7f0
-
SHA256
6c4e4714d08fe26d884510eab9af2d272e0dff461eda329a1f0a72c947167a7b
-
SHA512
7d4fe46e1853cb14a4c96fb5e8aad0fa96bf4e7213be8fbfa608bb9159c20aa14d5cf3e74b851567ba7101f6740e955ff98e25fde6b01c348ebfd5c29d03d9ab
-
SSDEEP
3072:chOmTsF93UYfwC6GIout5pi8rY9AABa11zoOg7ITEF+dNJn:ccm4FmowdHoS5ddWccj8IF+d
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.6bef9eaf6e09895fb04758f9588fa230.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.6bef9eaf6e09895fb04758f9588fa230.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbxtvv.exec:\bhbxtvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffhndlv.exec:\ffhndlv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxjxplj.exec:\hxjxplj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlbvjb.exec:\jlbvjb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvdlfh.exec:\rvdlfh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttfbjxd.exec:\ttfbjxd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flphbfl.exec:\flphbfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnvpt.exec:\dnvpt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlxbhth.exec:\nlxbhth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtldvl.exec:\xtldvl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhplv.exec:\tbhplv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hffvvxl.exec:\hffvvxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nffvh.exec:\nffvh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvtfr.exec:\pvtfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbvnntt.exec:\dbvnntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlvpr.exec:\rlvpr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bltbx.exec:\bltbx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpbfl.exec:\rpbfl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtjdphb.exec:\rtjdphb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phxhv.exec:\phxhv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnfpdnp.exec:\rnfpdnp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlptln.exec:\rlptln.exe23⤵
- Executes dropped EXE
-
\??\c:\xnnxpt.exec:\xnnxpt.exe24⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\hxxlbh.exec:\hxxlbh.exe8⤵
-
-
-
-
-
-
-
-
\??\c:\bxdpr.exec:\bxdpr.exe1⤵
- Executes dropped EXE
-
\??\c:\hxrhxfh.exec:\hxrhxfh.exe2⤵
- Executes dropped EXE
-
\??\c:\rrfjnh.exec:\rrfjnh.exe3⤵
- Executes dropped EXE
-
\??\c:\npjxhbd.exec:\npjxhbd.exe4⤵
- Executes dropped EXE
-
\??\c:\ftvpll.exec:\ftvpll.exe5⤵
- Executes dropped EXE
-
\??\c:\pdxvj.exec:\pdxvj.exe6⤵
- Executes dropped EXE
-
-
-
-
-
-
\??\c:\vfprn.exec:\vfprn.exe1⤵
- Executes dropped EXE
-
\??\c:\rfrjprp.exec:\rfrjprp.exe2⤵
- Executes dropped EXE
-
\??\c:\rrpbp.exec:\rrpbp.exe3⤵
- Executes dropped EXE
-
\??\c:\blvtfll.exec:\blvtfll.exe4⤵
- Executes dropped EXE
-
\??\c:\xfrhf.exec:\xfrhf.exe5⤵
- Executes dropped EXE
-
\??\c:\jxvrf.exec:\jxvrf.exe6⤵
- Executes dropped EXE
-
\??\c:\xtvltvh.exec:\xtvltvh.exe7⤵
- Executes dropped EXE
-
\??\c:\xdplp.exec:\xdplp.exe8⤵
- Executes dropped EXE
-
\??\c:\ftpnv.exec:\ftpnv.exe9⤵
- Executes dropped EXE
-
\??\c:\hfvrjhh.exec:\hfvrjhh.exe10⤵
- Executes dropped EXE
-
\??\c:\ndbfdf.exec:\ndbfdf.exe11⤵
- Executes dropped EXE
-
\??\c:\bvjjb.exec:\bvjjb.exe12⤵
- Executes dropped EXE
-
\??\c:\tjfhx.exec:\tjfhx.exe13⤵
- Executes dropped EXE
-
\??\c:\jrblxl.exec:\jrblxl.exe14⤵
- Executes dropped EXE
-
\??\c:\plbbf.exec:\plbbf.exe15⤵
- Executes dropped EXE
-
\??\c:\blfvj.exec:\blfvj.exe16⤵
- Executes dropped EXE
-
\??\c:\hdpxfhp.exec:\hdpxfhp.exe17⤵
- Executes dropped EXE
-
\??\c:\vlnnp.exec:\vlnnp.exe18⤵
- Executes dropped EXE
-
\??\c:\rljlpl.exec:\rljlpl.exe19⤵
- Executes dropped EXE
-
\??\c:\hvdjdl.exec:\hvdjdl.exe20⤵
- Executes dropped EXE
-
\??\c:\vhpfjvf.exec:\vhpfjvf.exe21⤵
- Executes dropped EXE
-
\??\c:\jffnd.exec:\jffnd.exe22⤵
- Executes dropped EXE
-
\??\c:\tbdxlv.exec:\tbdxlv.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhxhbj.exec:\tnhxhbj.exe24⤵
- Executes dropped EXE
-
\??\c:\ndfjj.exec:\ndfjj.exe25⤵
- Executes dropped EXE
-
\??\c:\lhbpr.exec:\lhbpr.exe26⤵
- Executes dropped EXE
-
\??\c:\vprrv.exec:\vprrv.exe27⤵
- Executes dropped EXE
-
\??\c:\vrjrb.exec:\vrjrb.exe28⤵
- Executes dropped EXE
-
\??\c:\vltdfnf.exec:\vltdfnf.exe29⤵
- Executes dropped EXE
-
\??\c:\fdvhn.exec:\fdvhn.exe30⤵
- Executes dropped EXE
-
\??\c:\ntvnrj.exec:\ntvnrj.exe31⤵
- Executes dropped EXE
-
\??\c:\prdxh.exec:\prdxh.exe32⤵
- Executes dropped EXE
-
\??\c:\dxbrvhr.exec:\dxbrvhr.exe33⤵
- Executes dropped EXE
-
\??\c:\hnvxdt.exec:\hnvxdt.exe34⤵
- Executes dropped EXE
-
\??\c:\dllfxl.exec:\dllfxl.exe35⤵
- Executes dropped EXE
-
-
\??\c:\ttnvrjf.exec:\ttnvrjf.exe35⤵
-
\??\c:\pxjnt.exec:\pxjnt.exe36⤵
-
-
-
-
\??\c:\lpnjpln.exec:\lpnjpln.exe34⤵
-
-
-
-
-
-
-
-
-
-
\??\c:\jvtljfp.exec:\jvtljfp.exe26⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\jnrvl.exec:\jnrvl.exe1⤵
-
\??\c:\jtlfjxj.exec:\jtlfjxj.exe2⤵
-
\??\c:\fjnjdv.exec:\fjnjdv.exe3⤵
-
\??\c:\nbvjrx.exec:\nbvjrx.exe4⤵
-
\??\c:\tlxfpp.exec:\tlxfpp.exe5⤵
-
\??\c:\rfdhb.exec:\rfdhb.exe6⤵
-
\??\c:\tfpplt.exec:\tfpplt.exe7⤵
-
\??\c:\hhndx.exec:\hhndx.exe8⤵
-
\??\c:\rxphnhl.exec:\rxphnhl.exe9⤵
-
\??\c:\nttxj.exec:\nttxj.exe10⤵
-
\??\c:\ttfrdjj.exec:\ttfrdjj.exe11⤵
-
\??\c:\bjbpld.exec:\bjbpld.exe12⤵
-
\??\c:\rbjffrf.exec:\rbjffrf.exe13⤵
-
\??\c:\hjbhphn.exec:\hjbhphn.exe14⤵
-
\??\c:\pjhvdr.exec:\pjhvdr.exe15⤵
-
\??\c:\fxxxnhn.exec:\fxxxnhn.exe16⤵
-
\??\c:\hrrlf.exec:\hrrlf.exe17⤵
-
\??\c:\xhdlnj.exec:\xhdlnj.exe18⤵
-
\??\c:\tvdhbdl.exec:\tvdhbdl.exe19⤵
-
\??\c:\ldtdrf.exec:\ldtdrf.exe20⤵
-
\??\c:\txrfhd.exec:\txrfhd.exe21⤵
-
\??\c:\bbxjp.exec:\bbxjp.exe22⤵
-
\??\c:\nrbph.exec:\nrbph.exe23⤵
-
\??\c:\trbdvd.exec:\trbdvd.exe24⤵
-
\??\c:\hhlhbjr.exec:\hhlhbjr.exe25⤵
-
\??\c:\bfjvln.exec:\bfjvln.exe26⤵
-
\??\c:\hrjhd.exec:\hrjhd.exe27⤵
-
\??\c:\tbhjh.exec:\tbhjh.exe28⤵
-
\??\c:\xrjhp.exec:\xrjhp.exe29⤵
-
\??\c:\xjprn.exec:\xjprn.exe30⤵
-
\??\c:\fdddn.exec:\fdddn.exe31⤵
-
\??\c:\vjvbf.exec:\vjvbf.exe32⤵
-
\??\c:\pthvdhr.exec:\pthvdhr.exe33⤵
-
\??\c:\nttvhr.exec:\nttvhr.exe34⤵
-
\??\c:\ddhvl.exec:\ddhvl.exe35⤵
-
\??\c:\nbntrlx.exec:\nbntrlx.exe36⤵
-
\??\c:\pplvj.exec:\pplvj.exe37⤵
-
\??\c:\llvxn.exec:\llvxn.exe38⤵
-
\??\c:\lbbxtnh.exec:\lbbxtnh.exe39⤵
-
\??\c:\tfptp.exec:\tfptp.exe40⤵
-
\??\c:\fdhlv.exec:\fdhlv.exe41⤵
-
\??\c:\xptvf.exec:\xptvf.exe42⤵
-
\??\c:\npddl.exec:\npddl.exe43⤵
-
\??\c:\pvbnr.exec:\pvbnr.exe44⤵
-
\??\c:\xjpjn.exec:\xjpjn.exe45⤵
-
\??\c:\bjfpnh.exec:\bjfpnh.exe46⤵
-
\??\c:\tnxjt.exec:\tnxjt.exe47⤵
-
\??\c:\tnpjftt.exec:\tnpjftt.exe48⤵
-
\??\c:\jrjrp.exec:\jrjrp.exe49⤵
-
\??\c:\xnnbxjp.exec:\xnnbxjp.exe50⤵
-
\??\c:\lvxvxp.exec:\lvxvxp.exe51⤵
-
\??\c:\nttdxvj.exec:\nttdxvj.exe52⤵
-
\??\c:\pjxxttb.exec:\pjxxttb.exe53⤵
-
\??\c:\hxfhvpv.exec:\hxfhvpv.exe54⤵
-
\??\c:\rlxxdd.exec:\rlxxdd.exe55⤵
-
\??\c:\rtxxn.exec:\rtxxn.exe56⤵
-
\??\c:\lvtxjx.exec:\lvtxjx.exe57⤵
-
\??\c:\xlxxv.exec:\xlxxv.exe58⤵
-
\??\c:\hxffh.exec:\hxffh.exe59⤵
-
\??\c:\ldbnbl.exec:\ldbnbl.exe60⤵
-
\??\c:\lvffl.exec:\lvffl.exe61⤵
-
\??\c:\rxxhh.exec:\rxxhh.exe62⤵
-
\??\c:\lxpppdb.exec:\lxpppdb.exe63⤵
-
\??\c:\tdtnvf.exec:\tdtnvf.exe64⤵
-
\??\c:\dnjtdl.exec:\dnjtdl.exe65⤵
-
\??\c:\lnvlv.exec:\lnvlv.exe66⤵
-
\??\c:\hrltplp.exec:\hrltplp.exe67⤵
-
\??\c:\jnxnbhf.exec:\jnxnbhf.exe68⤵
-
\??\c:\fdxvn.exec:\fdxvn.exe69⤵
-
\??\c:\xptxb.exec:\xptxb.exe70⤵
-
\??\c:\ffthl.exec:\ffthl.exe71⤵
-
\??\c:\ftpthd.exec:\ftpthd.exe72⤵
-
\??\c:\rpbptvx.exec:\rpbptvx.exe73⤵
-
\??\c:\nnhtxhx.exec:\nnhtxhx.exe74⤵
-
\??\c:\hjfff.exec:\hjfff.exe75⤵
-
\??\c:\fnfhph.exec:\fnfhph.exe76⤵
-
\??\c:\lnxvhl.exec:\lnxvhl.exe77⤵
-
\??\c:\jrpdnj.exec:\jrpdnj.exe78⤵
-
\??\c:\xjxfll.exec:\xjxfll.exe79⤵
-
\??\c:\xtflxxb.exec:\xtflxxb.exe80⤵
-
\??\c:\tvpjf.exec:\tvpjf.exe81⤵
-
\??\c:\fthltvd.exec:\fthltvd.exe82⤵
-
\??\c:\nhpbn.exec:\nhpbn.exe83⤵
-
\??\c:\dxrjfxl.exec:\dxrjfxl.exe84⤵
-
\??\c:\xbpddtt.exec:\xbpddtt.exe85⤵
-
\??\c:\bxhvn.exec:\bxhvn.exe86⤵
-
\??\c:\ldjhxvb.exec:\ldjhxvb.exe87⤵
-
\??\c:\hxppnv.exec:\hxppnv.exe88⤵
-
\??\c:\xntxfbb.exec:\xntxfbb.exe89⤵
-
\??\c:\bdtltr.exec:\bdtltr.exe90⤵
-
\??\c:\hrvld.exec:\hrvld.exe91⤵
-
\??\c:\hffhxb.exec:\hffhxb.exe92⤵
-
\??\c:\phlptp.exec:\phlptp.exe93⤵
-
\??\c:\lxbdpb.exec:\lxbdpb.exe94⤵
-
\??\c:\txxvjrx.exec:\txxvjrx.exe95⤵
-
\??\c:\pnnrvf.exec:\pnnrvf.exe96⤵
-
\??\c:\fblhr.exec:\fblhr.exe97⤵
-
\??\c:\jbltfvf.exec:\jbltfvf.exe98⤵
-
\??\c:\fhnrnjr.exec:\fhnrnjr.exe99⤵
-
\??\c:\dffrdf.exec:\dffrdf.exe100⤵
-
\??\c:\bxxxb.exec:\bxxxb.exe101⤵
-
\??\c:\rvhlff.exec:\rvhlff.exe102⤵
-
\??\c:\hpvxnnx.exec:\hpvxnnx.exe103⤵
-
\??\c:\jvxrd.exec:\jvxrd.exe104⤵
-
\??\c:\fplljhf.exec:\fplljhf.exe105⤵
-
\??\c:\bvtvjj.exec:\bvtvjj.exe106⤵
-
\??\c:\lbrtj.exec:\lbrtj.exe107⤵
-
\??\c:\nlpjnfj.exec:\nlpjnfj.exe108⤵
-
\??\c:\lphdvjn.exec:\lphdvjn.exe109⤵
-
\??\c:\vpfntr.exec:\vpfntr.exe110⤵
-
\??\c:\htrjxt.exec:\htrjxt.exe111⤵
-
\??\c:\fxtxtb.exec:\fxtxtb.exe112⤵
-
\??\c:\fftnnh.exec:\fftnnh.exe113⤵
-
\??\c:\fdtjj.exec:\fdtjj.exe114⤵
-
\??\c:\hvxdd.exec:\hvxdd.exe115⤵
-
\??\c:\rvbntbb.exec:\rvbntbb.exe116⤵
-
\??\c:\bpnfrj.exec:\bpnfrj.exe117⤵
-
\??\c:\xrtfvx.exec:\xrtfvx.exe118⤵
-
\??\c:\bxfhv.exec:\bxfhv.exe119⤵
-
\??\c:\pvrfp.exec:\pvrfp.exe120⤵
-
\??\c:\tnxnlnd.exec:\tnxnlnd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-