Analysis
-
max time kernel
150s -
max time network
170s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
20/02/2024, 14:37
General
-
Target
VirusSign.2024.02.08/03b6a8e2d209f10cce366b73bec0283a.exe
-
Size
392KB
-
MD5
03b6a8e2d209f10cce366b73bec0283a
-
SHA1
72641bc2f5627cf9ff3aac9a451f1a3883469a4d
-
SHA256
583c10d1bb3b7be55f6147164340e8f7604613051bdd242385c7b1c186560f52
-
SHA512
9ad94d9a4125081ca5eb3b54d4664989189459d6c873ef85858568082334e3a5b91027cc4c2cb61cea48cdad073020e6221cdb54e4324e48d302fede08bf2a3f
-
SSDEEP
6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmmv:m7TcJWjdpKGATTk/jYIOWN/KnnPD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\VirusSign.2024.02.08\03b6a8e2d209f10cce366b73bec0283a.exe"C:\Users\Admin\AppData\Local\Temp\VirusSign.2024.02.08\03b6a8e2d209f10cce366b73bec0283a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbth.exec:\bnnbth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpd.exec:\vddpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxlf.exec:\lxrlxlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjvj.exec:\9jjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxrfr.exec:\lxlxrfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbnhh.exec:\ntbnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnt.exec:\bttbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjj.exec:\pdpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
\??\c:\ttnbbt.exec:\ttnbbt.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjj.exec:\jjvjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfrlx.exec:\lrlfrlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvj.exec:\3ddvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
\??\c:\ddjjj.exec:\ddjjj.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvvp.exec:\3dvvp.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tthbb.exec:\1tthbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnhb.exec:\hbhnhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbnhb.exec:\9hbnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdp.exec:\1jjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthh.exec:\tbbthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpj.exec:\5vvpj.exe7⤵
- Executes dropped EXE
-
-
-
-
-
-
-
\??\c:\hhnhbt.exec:\hhnhbt.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbhbt.exec:\3hbhbt.exe1⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe2⤵
- Executes dropped EXE
-
\??\c:\xxrfrlx.exec:\xxrfrlx.exe3⤵
- Executes dropped EXE
-
\??\c:\5bhhbb.exec:\5bhhbb.exe4⤵
- Executes dropped EXE
-
\??\c:\3hbhtn.exec:\3hbhtn.exe5⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe6⤵
- Executes dropped EXE
-
\??\c:\lxrllfx.exec:\lxrllfx.exe7⤵
- Executes dropped EXE
-
\??\c:\nbbthh.exec:\nbbthh.exe8⤵
- Executes dropped EXE
-
\??\c:\flfxrlf.exec:\flfxrlf.exe9⤵
- Executes dropped EXE
-
\??\c:\1ddvj.exec:\1ddvj.exe10⤵
- Executes dropped EXE
-
\??\c:\rllxrlf.exec:\rllxrlf.exe11⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe12⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe13⤵
- Executes dropped EXE
-
\??\c:\3pjdp.exec:\3pjdp.exe14⤵
- Executes dropped EXE
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe15⤵
- Executes dropped EXE
-
\??\c:\nbnhth.exec:\nbnhth.exe16⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe17⤵
- Executes dropped EXE
-
\??\c:\flfrflx.exec:\flfrflx.exe18⤵
- Executes dropped EXE
-
\??\c:\7tthbt.exec:\7tthbt.exe19⤵
- Executes dropped EXE
-
\??\c:\9vvjj.exec:\9vvjj.exe20⤵
- Executes dropped EXE
-
\??\c:\frrlxrx.exec:\frrlxrx.exe21⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\tbtthb.exec:\tbtthb.exe1⤵
- Executes dropped EXE
-
\??\c:\xrlfrrf.exec:\xrlfrrf.exe2⤵
- Executes dropped EXE
-
\??\c:\fxxrlxr.exec:\fxxrlxr.exe3⤵
- Executes dropped EXE
-
\??\c:\htbhtt.exec:\htbhtt.exe4⤵
- Executes dropped EXE
-
\??\c:\3fxrllf.exec:\3fxrllf.exe5⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe6⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe7⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe8⤵
- Executes dropped EXE
-
\??\c:\ffxxrll.exec:\ffxxrll.exe9⤵
-
\??\c:\nnnhnh.exec:\nnnhnh.exe10⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe11⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe12⤵
- Executes dropped EXE
-
\??\c:\nttntt.exec:\nttntt.exe13⤵
- Executes dropped EXE
-
\??\c:\nthhnn.exec:\nthhnn.exe14⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe15⤵
- Executes dropped EXE
-
\??\c:\9lfrfrx.exec:\9lfrfrx.exe16⤵
- Executes dropped EXE
-
\??\c:\7bhbth.exec:\7bhbth.exe17⤵
- Executes dropped EXE
-
\??\c:\nnbhnn.exec:\nnbhnn.exe18⤵
- Executes dropped EXE
-
\??\c:\rllfxxx.exec:\rllfxxx.exe19⤵
- Executes dropped EXE
-
\??\c:\rrlflxr.exec:\rrlflxr.exe20⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe21⤵
- Executes dropped EXE
-
\??\c:\9pvpp.exec:\9pvpp.exe22⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe23⤵
-
\??\c:\rffxlrl.exec:\rffxlrl.exe24⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe25⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe26⤵
-
\??\c:\rlxrfxr.exec:\rlxrfxr.exe27⤵
-
\??\c:\xllxrlx.exec:\xllxrlx.exe28⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe29⤵
-
\??\c:\3rxrrfx.exec:\3rxrrfx.exe30⤵
-
\??\c:\bnnbbh.exec:\bnnbbh.exe31⤵
-
\??\c:\hththh.exec:\hththh.exe32⤵
-
\??\c:\dddvv.exec:\dddvv.exe33⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe34⤵
-
\??\c:\ttbthh.exec:\ttbthh.exe35⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe36⤵
-
\??\c:\xxrfxrl.exec:\xxrfxrl.exe37⤵
-
\??\c:\7ththb.exec:\7ththb.exe38⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe39⤵
-
\??\c:\lxlfxrl.exec:\lxlfxrl.exe40⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe41⤵
-
\??\c:\frxxffl.exec:\frxxffl.exe42⤵
-
\??\c:\1flfxrl.exec:\1flfxrl.exe43⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe44⤵
-
\??\c:\rfxrlrl.exec:\rfxrlrl.exe45⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe46⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe47⤵
-
\??\c:\rrlffxx.exec:\rrlffxx.exe48⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe49⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe50⤵
-
\??\c:\httnnh.exec:\httnnh.exe51⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe52⤵
-
\??\c:\1xrlffx.exec:\1xrlffx.exe53⤵
-
\??\c:\hhtbth.exec:\hhtbth.exe54⤵
-
\??\c:\ntbthh.exec:\ntbthh.exe55⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe56⤵
-
\??\c:\frxfxxr.exec:\frxfxxr.exe57⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe58⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe59⤵
-
\??\c:\xrxrllx.exec:\xrxrllx.exe60⤵
-
\??\c:\1flfxff.exec:\1flfxff.exe61⤵
-
\??\c:\3btnhh.exec:\3btnhh.exe62⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe63⤵
-
\??\c:\xlrfxrx.exec:\xlrfxrx.exe64⤵
-
\??\c:\9lrxrxr.exec:\9lrxrxr.exe65⤵
-
\??\c:\bbhbtn.exec:\bbhbtn.exe66⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe67⤵
-
\??\c:\xxfrfxx.exec:\xxfrfxx.exe68⤵
-
\??\c:\9xlxrll.exec:\9xlxrll.exe69⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe70⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe71⤵
-
\??\c:\9ffxxxl.exec:\9ffxxxl.exe72⤵
-
\??\c:\hnttnh.exec:\hnttnh.exe73⤵
-
\??\c:\1flxlxl.exec:\1flxlxl.exe74⤵
-
\??\c:\bbbhhh.exec:\bbbhhh.exe75⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe76⤵
-
\??\c:\xlxrrlr.exec:\xlxrrlr.exe77⤵
-
\??\c:\rlxrlfl.exec:\rlxrlfl.exe78⤵
-
\??\c:\bttntt.exec:\bttntt.exe79⤵
-
\??\c:\hhbthb.exec:\hhbthb.exe80⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe81⤵
-
\??\c:\rflrfrf.exec:\rflrfrf.exe82⤵
-
\??\c:\rlrxfll.exec:\rlrxfll.exe83⤵
-
\??\c:\pjppj.exec:\pjppj.exe84⤵
-
\??\c:\rfxrfrl.exec:\rfxrfrl.exe85⤵
-
\??\c:\7rrfxfr.exec:\7rrfxfr.exe86⤵
-
\??\c:\hhbbtn.exec:\hhbbtn.exe87⤵
-
\??\c:\nbbnht.exec:\nbbnht.exe88⤵
-
\??\c:\1ddpd.exec:\1ddpd.exe89⤵
-
\??\c:\xxxlfxl.exec:\xxxlfxl.exe90⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe91⤵
-
\??\c:\9tbtnn.exec:\9tbtnn.exe92⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe93⤵
-
\??\c:\xxlxlfr.exec:\xxlxlfr.exe94⤵
-
\??\c:\htbthb.exec:\htbthb.exe95⤵
-
\??\c:\9bnnbb.exec:\9bnnbb.exe96⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe97⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe98⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe99⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe100⤵
-
\??\c:\rfxrllx.exec:\rfxrllx.exe101⤵
-
\??\c:\nthnhh.exec:\nthnhh.exe102⤵
-
\??\c:\3tnbtn.exec:\3tnbtn.exe103⤵
-
\??\c:\1dddd.exec:\1dddd.exe104⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe105⤵
-
\??\c:\rlllxxr.exec:\rlllxxr.exe106⤵
-
\??\c:\nhhhbn.exec:\nhhhbn.exe107⤵
-
\??\c:\3nnhhn.exec:\3nnhhn.exe108⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe109⤵
-
\??\c:\7frffxl.exec:\7frffxl.exe110⤵
-
\??\c:\rlrrrlr.exec:\rlrrrlr.exe111⤵
-
\??\c:\3tnbhb.exec:\3tnbhb.exe112⤵
-
\??\c:\3jjpj.exec:\3jjpj.exe113⤵
-
\??\c:\pppjd.exec:\pppjd.exe114⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\1jvdv.exec:\1jvdv.exe70⤵
-
\??\c:\rflxrrf.exec:\rflxrrf.exe71⤵
-
\??\c:\lfxlllf.exec:\lfxlllf.exe72⤵
-
\??\c:\ttnhbt.exec:\ttnhbt.exe73⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe74⤵
-
\??\c:\flffrrf.exec:\flffrrf.exe75⤵
-
\??\c:\nbnhhn.exec:\nbnhhn.exe76⤵
-
\??\c:\pddpj.exec:\pddpj.exe77⤵
-
\??\c:\fflxrfx.exec:\fflxrfx.exe78⤵
-
\??\c:\hbtthb.exec:\hbtthb.exe79⤵
-
\??\c:\nbtnbn.exec:\nbtnbn.exe80⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe81⤵
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe82⤵
-
\??\c:\7bhttn.exec:\7bhttn.exe83⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe84⤵
-
\??\c:\5pdvp.exec:\5pdvp.exe85⤵
-
\??\c:\1xlxlxl.exec:\1xlxlxl.exe86⤵
-
\??\c:\3tnbtn.exec:\3tnbtn.exe87⤵
-
\??\c:\hhnnhb.exec:\hhnnhb.exe88⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe89⤵
-
\??\c:\lxfrfxl.exec:\lxfrfxl.exe90⤵
-
\??\c:\lxrffxf.exec:\lxrffxf.exe91⤵
-
\??\c:\bnnhtb.exec:\bnnhtb.exe92⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe93⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe94⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe95⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe96⤵
-
\??\c:\jppvp.exec:\jppvp.exe97⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe98⤵
-
\??\c:\lfxlfxr.exec:\lfxlfxr.exe99⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe100⤵
-
\??\c:\5frlfxr.exec:\5frlfxr.exe101⤵
-
\??\c:\rxxxlxl.exec:\rxxxlxl.exe102⤵
-
\??\c:\bhnbth.exec:\bhnbth.exe103⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe104⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe105⤵
-
\??\c:\rrfxrrx.exec:\rrfxrrx.exe106⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe107⤵
-
\??\c:\5dpdp.exec:\5dpdp.exe108⤵
-
\??\c:\fxxxxrx.exec:\fxxxxrx.exe109⤵
-
\??\c:\3hbtnh.exec:\3hbtnh.exe110⤵
-
\??\c:\hhtnbb.exec:\hhtnbb.exe111⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe112⤵
-
\??\c:\llxxrlr.exec:\llxxrlr.exe113⤵
-
\??\c:\bhtnht.exec:\bhtnht.exe114⤵
-
\??\c:\9djdv.exec:\9djdv.exe115⤵
-
\??\c:\dddpd.exec:\dddpd.exe116⤵
-
\??\c:\5xxlxrf.exec:\5xxlxrf.exe117⤵
-
\??\c:\ttbnbb.exec:\ttbnbb.exe118⤵
-
\??\c:\httnhn.exec:\httnhn.exe119⤵
-
\??\c:\1jjpd.exec:\1jjpd.exe120⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-