Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
07/03/2024, 10:37
General
-
Target
b8879cb8a371fdcb99da7a54ef28eb33.exe
-
Size
479KB
-
MD5
b8879cb8a371fdcb99da7a54ef28eb33
-
SHA1
5e742cdbe14a869f2b7069ee4009e4543e70c8aa
-
SHA256
da7878ef20a015e47379486c9b004055ed1c6ff75aeb1f7671a41c594a97a0fc
-
SHA512
59bd4d2a87d0bcc50a5120b628e39f2a8100b218665a780a9eaf18ff6bc366af52f58a4763612ef16a15e1a5ba6a0fa45dd218fbac33f436fe62bd958bb4f7b4
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwu1b26X1wjdgyPif:q7Tc2NYHUrAwqzQ7Pe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b8879cb8a371fdcb99da7a54ef28eb33.exe"C:\Users\Admin\AppData\Local\Temp\b8879cb8a371fdcb99da7a54ef28eb33.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnh.exec:\nhhbnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhh.exec:\nttnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppdp.exec:\7ppdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbtn.exec:\thnbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbth.exec:\bnhbth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnh.exec:\btnbnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfxl.exec:\xrrlfxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbhh.exec:\nbhbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllfrf.exec:\lxllfrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbnhb.exec:\3hbnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrffxx.exec:\9lrffxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhtt.exec:\9nnhtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhbt.exec:\htnhbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrll.exec:\lfffrll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhnn.exec:\bnnhnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxlfx.exec:\lxxxlfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhbt.exec:\bhhhbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxrf.exec:\xxxlxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\3bntht.exec:\3bntht.exe24⤵
- Executes dropped EXE
-
\??\c:\9vjvp.exec:\9vjvp.exe25⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe26⤵
- Executes dropped EXE
-
\??\c:\llxrfxl.exec:\llxrfxl.exe27⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\dppdj.exec:\dppdj.exe29⤵
- Executes dropped EXE
-
\??\c:\bhtnbt.exec:\bhtnbt.exe30⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe31⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe32⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe33⤵
- Executes dropped EXE
-
\??\c:\rfffrff.exec:\rfffrff.exe34⤵
- Executes dropped EXE
-
\??\c:\frxlrfl.exec:\frxlrfl.exe35⤵
- Executes dropped EXE
-
\??\c:\1vpjd.exec:\1vpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\5tnthb.exec:\5tnthb.exe37⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe38⤵
- Executes dropped EXE
-
\??\c:\dpvjv.exec:\dpvjv.exe39⤵
- Executes dropped EXE
-
\??\c:\9nhtnn.exec:\9nhtnn.exe40⤵
- Executes dropped EXE
-
\??\c:\lxxrxxr.exec:\lxxrxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe42⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe43⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe44⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\flrlxxr.exec:\flrlxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\5bbnbb.exec:\5bbnbb.exe47⤵
- Executes dropped EXE
-
\??\c:\1nthnt.exec:\1nthnt.exe48⤵
- Executes dropped EXE
-
\??\c:\bnthbt.exec:\bnthbt.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe50⤵
- Executes dropped EXE
-
\??\c:\lxfxlfx.exec:\lxfxlfx.exe51⤵
- Executes dropped EXE
-
\??\c:\9hhbnn.exec:\9hhbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe53⤵
- Executes dropped EXE
-
\??\c:\fllxlfx.exec:\fllxlfx.exe54⤵
- Executes dropped EXE
-
\??\c:\ntbtnt.exec:\ntbtnt.exe55⤵
- Executes dropped EXE
-
\??\c:\3tnthb.exec:\3tnthb.exe56⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe57⤵
- Executes dropped EXE
-
\??\c:\rxfrlrl.exec:\rxfrlrl.exe58⤵
- Executes dropped EXE
-
\??\c:\1ttthh.exec:\1ttthh.exe59⤵
- Executes dropped EXE
-
\??\c:\1vpdv.exec:\1vpdv.exe60⤵
- Executes dropped EXE
-
\??\c:\rrlxrfx.exec:\rrlxrfx.exe61⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe62⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\xflfxrl.exec:\xflfxrl.exe64⤵
- Executes dropped EXE
-
\??\c:\hbtnbb.exec:\hbtnbb.exe65⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe66⤵
-
\??\c:\xrlrfxx.exec:\xrlrfxx.exe67⤵
-
\??\c:\9bhbhh.exec:\9bhbhh.exe68⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe69⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe70⤵
-
\??\c:\3xrlfxr.exec:\3xrlfxr.exe71⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe72⤵
-
\??\c:\jpdpj.exec:\jpdpj.exe73⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe74⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe75⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe76⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe77⤵
-
\??\c:\hnnbbt.exec:\hnnbbt.exe78⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe79⤵
-
\??\c:\xxxffff.exec:\xxxffff.exe80⤵
-
\??\c:\3btnbb.exec:\3btnbb.exe81⤵
-
\??\c:\thnhth.exec:\thnhth.exe82⤵
-
\??\c:\rllxxrr.exec:\rllxxrr.exe83⤵
-
\??\c:\9xxlxrf.exec:\9xxlxrf.exe84⤵
-
\??\c:\1bbnbb.exec:\1bbnbb.exe85⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe86⤵
-
\??\c:\rrxrffr.exec:\rrxrffr.exe87⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe88⤵
-
\??\c:\5ddpj.exec:\5ddpj.exe89⤵
-
\??\c:\frrfxlf.exec:\frrfxlf.exe90⤵
-
\??\c:\thbthb.exec:\thbthb.exe91⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe92⤵
-
\??\c:\frxlfxl.exec:\frxlfxl.exe93⤵
-
\??\c:\thnbbn.exec:\thnbbn.exe94⤵
-
\??\c:\rlrllxx.exec:\rlrllxx.exe95⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe96⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe97⤵
-
\??\c:\rfrfxrf.exec:\rfrfxrf.exe98⤵
-
\??\c:\3xxllfr.exec:\3xxllfr.exe99⤵
-
\??\c:\vppjp.exec:\vppjp.exe100⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe101⤵
-
\??\c:\5ffrfxl.exec:\5ffrfxl.exe102⤵
-
\??\c:\1nnhth.exec:\1nnhth.exe103⤵
-
\??\c:\1nbnhb.exec:\1nbnhb.exe104⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe105⤵
-
\??\c:\lllxlff.exec:\lllxlff.exe106⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe107⤵
-
\??\c:\frrffxl.exec:\frrffxl.exe108⤵
-
\??\c:\7nhhbh.exec:\7nhhbh.exe109⤵
-
\??\c:\nbtntn.exec:\nbtntn.exe110⤵
-
\??\c:\9vpjj.exec:\9vpjj.exe111⤵
-
\??\c:\xlllfxf.exec:\xlllfxf.exe112⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe113⤵
-
\??\c:\hhhnbn.exec:\hhhnbn.exe114⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe115⤵
-
\??\c:\9lfxlfr.exec:\9lfxlfr.exe116⤵
-
\??\c:\hthtbn.exec:\hthtbn.exe117⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe118⤵
-
\??\c:\3ppdp.exec:\3ppdp.exe119⤵
-
\??\c:\xffllff.exec:\xffllff.exe120⤵
-
\??\c:\3flfffl.exec:\3flfffl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-