Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/03/2024, 13:10
General
-
Target
b4c618e8cab5807bc899c1f542639cc9.exe
-
Size
474KB
-
MD5
b4c618e8cab5807bc899c1f542639cc9
-
SHA1
e5a9dbc15cd5cf127aa33cd6aec59ba107b53ada
-
SHA256
81e229d1e03a996f0ab7404eeafdd357a22dd8e4a2cda9134d07a293df212850
-
SHA512
3553adda8709c553f1a7a593f18a5306ededac741cd71160045ae998e3f4b6662b809be3e60dad858c1cca7008f71baea41912626e0c11814b278818b9191443
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93svqTP+E4QJP:n3C9yMo+S0L9xRnoq7H9QYJxP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 53 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b4c618e8cab5807bc899c1f542639cc9.exe"C:\Users\Admin\AppData\Local\Temp\b4c618e8cab5807bc899c1f542639cc9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntthn.exec:\bntthn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxxxl.exec:\rflxxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjd.exec:\vvjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbttn.exec:\nbbttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllll.exec:\xrlllll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhhh.exec:\hhnhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrrl.exec:\frxrrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbt.exec:\hhnhbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxxf.exec:\rrlfxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttt.exec:\hhbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdvj.exec:\1jdvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtn.exec:\tnhbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdd.exec:\jvvdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhn.exec:\nhnnhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnnbb.exec:\7bnnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttn.exec:\hhbttn.exe23⤵
- Executes dropped EXE
-
\??\c:\fffrfrl.exec:\fffrfrl.exe24⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe25⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe26⤵
- Executes dropped EXE
-
\??\c:\fflfxxx.exec:\fflfxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\rrfxrrx.exec:\rrfxrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\9vppv.exec:\9vppv.exe29⤵
- Executes dropped EXE
-
\??\c:\1nhbtn.exec:\1nhbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\9rrlfff.exec:\9rrlfff.exe31⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe32⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe33⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\3pvvp.exec:\3pvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\5flffff.exec:\5flffff.exe36⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe37⤵
- Executes dropped EXE
-
\??\c:\9thbtn.exec:\9thbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxrxxr.exec:\lxxrxxr.exe40⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe42⤵
- Executes dropped EXE
-
\??\c:\bnhhtn.exec:\bnhhtn.exe43⤵
- Executes dropped EXE
-
\??\c:\7vvpd.exec:\7vvpd.exe44⤵
- Executes dropped EXE
-
\??\c:\hhnhnh.exec:\hhnhnh.exe45⤵
- Executes dropped EXE
-
\??\c:\vdjjv.exec:\vdjjv.exe46⤵
- Executes dropped EXE
-
\??\c:\lflxfff.exec:\lflxfff.exe47⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe48⤵
- Executes dropped EXE
-
\??\c:\3lllxxr.exec:\3lllxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xlrlrll.exec:\xlrlrll.exe51⤵
- Executes dropped EXE
-
\??\c:\3nhnnh.exec:\3nhnnh.exe52⤵
- Executes dropped EXE
-
\??\c:\rlflrxr.exec:\rlflrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\nttnbt.exec:\nttnbt.exe54⤵
- Executes dropped EXE
-
\??\c:\lxlxrrf.exec:\lxlxrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\7hhhbt.exec:\7hhhbt.exe56⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe57⤵
- Executes dropped EXE
-
\??\c:\bnhhbh.exec:\bnhhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxxlfl.exec:\rrxxlfl.exe59⤵
- Executes dropped EXE
-
\??\c:\9rrlrlr.exec:\9rrlrlr.exe60⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe61⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\rllrlxr.exec:\rllrlxr.exe64⤵
- Executes dropped EXE
-
\??\c:\7bhbtn.exec:\7bhbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe66⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe67⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe68⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe69⤵
-
\??\c:\fxxllll.exec:\fxxllll.exe70⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe71⤵
-
\??\c:\lrlxrxr.exec:\lrlxrxr.exe72⤵
-
\??\c:\7btnnh.exec:\7btnnh.exe73⤵
-
\??\c:\jppjp.exec:\jppjp.exe74⤵
-
\??\c:\9ffrfxr.exec:\9ffrfxr.exe75⤵
-
\??\c:\bttbtn.exec:\bttbtn.exe76⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe77⤵
-
\??\c:\9fffrxr.exec:\9fffrxr.exe78⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe79⤵
-
\??\c:\llfxxrl.exec:\llfxxrl.exe80⤵
-
\??\c:\djjvv.exec:\djjvv.exe81⤵
-
\??\c:\rrffrrl.exec:\rrffrrl.exe82⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe83⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe84⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe85⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe86⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe87⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe88⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe89⤵
-
\??\c:\frrlxlx.exec:\frrlxlx.exe90⤵
-
\??\c:\ttthhh.exec:\ttthhh.exe91⤵
-
\??\c:\ffrlrrr.exec:\ffrlrrr.exe92⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe93⤵
-
\??\c:\5rxrrrl.exec:\5rxrrrl.exe94⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe95⤵
-
\??\c:\llxxrff.exec:\llxxrff.exe96⤵
-
\??\c:\djpdv.exec:\djpdv.exe97⤵
-
\??\c:\5lrxrll.exec:\5lrxrll.exe98⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe99⤵
-
\??\c:\xlxrlff.exec:\xlxrlff.exe100⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe101⤵
-
\??\c:\rfrlfxx.exec:\rfrlfxx.exe102⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe103⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe104⤵
-
\??\c:\hhtnbb.exec:\hhtnbb.exe105⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe106⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe107⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe108⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe109⤵
-
\??\c:\jppjp.exec:\jppjp.exe110⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe111⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe112⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe113⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe114⤵
-
\??\c:\7rlfxxr.exec:\7rlfxxr.exe115⤵
-
\??\c:\7dddv.exec:\7dddv.exe116⤵
-
\??\c:\tbnbnh.exec:\tbnbnh.exe117⤵
-
\??\c:\1nbtbb.exec:\1nbtbb.exe118⤵
-
\??\c:\rffrlrr.exec:\rffrlrr.exe119⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe120⤵
-
\??\c:\lfxrfff.exec:\lfxrfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-