Analysis
-
max time kernel
131s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
20/04/2024, 18:27
General
-
Target
08e3b0c90b06283bc3d12b6f8dbb094b20f4bbe3dc552592a1bd26f46e414024.exe
-
Size
58KB
-
MD5
609e900a2937614355a5647bb6617549
-
SHA1
51957882a20e77ab7aa56d644f0c5f7168117912
-
SHA256
08e3b0c90b06283bc3d12b6f8dbb094b20f4bbe3dc552592a1bd26f46e414024
-
SHA512
5e92a90593f0a585698d706ca620c911a3760c7bb5169cae6f6d9762bba17370d0eb22e2c6d7af62739cd8678f6153cef009f7706825bbbd1b7b80314700aa55
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIms3:ymb3NkkiQ3mdBjFIsIF3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
UPX dump on OEP (original entry point) 51 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 51 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08e3b0c90b06283bc3d12b6f8dbb094b20f4bbe3dc552592a1bd26f46e414024.exe"C:\Users\Admin\AppData\Local\Temp\08e3b0c90b06283bc3d12b6f8dbb094b20f4bbe3dc552592a1bd26f46e414024.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\48062.exec:\48062.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdvp.exec:\3vdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhbb.exec:\thhhbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttt.exec:\tntttt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8288822.exec:\8288822.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46444.exec:\46444.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\682666.exec:\682666.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxffl.exec:\xlfxffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8800020.exec:\8800020.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtt.exec:\nhbbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\640088.exec:\640088.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnht.exec:\tnnnht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22864.exec:\22864.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpj.exec:\jdjpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdv.exec:\jdvdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\840006.exec:\840006.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48406.exec:\48406.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnn.exec:\bbhhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\4848660.exec:\4848660.exe24⤵
- Executes dropped EXE
-
\??\c:\7hnnhn.exec:\7hnnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\lxxxllf.exec:\lxxxllf.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\e82644.exec:\e82644.exe28⤵
- Executes dropped EXE
-
\??\c:\o284404.exec:\o284404.exe29⤵
- Executes dropped EXE
-
\??\c:\rlfxfxf.exec:\rlfxfxf.exe30⤵
- Executes dropped EXE
-
\??\c:\3lrlffx.exec:\3lrlffx.exe31⤵
- Executes dropped EXE
-
\??\c:\k42600.exec:\k42600.exe32⤵
- Executes dropped EXE
-
\??\c:\8466286.exec:\8466286.exe33⤵
- Executes dropped EXE
-
\??\c:\s8886.exec:\s8886.exe34⤵
- Executes dropped EXE
-
\??\c:\bhnhhh.exec:\bhnhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe36⤵
- Executes dropped EXE
-
\??\c:\lrxllfr.exec:\lrxllfr.exe37⤵
- Executes dropped EXE
-
\??\c:\frfxffx.exec:\frfxffx.exe38⤵
- Executes dropped EXE
-
\??\c:\206604.exec:\206604.exe39⤵
- Executes dropped EXE
-
\??\c:\7djdd.exec:\7djdd.exe40⤵
- Executes dropped EXE
-
\??\c:\20242.exec:\20242.exe41⤵
- Executes dropped EXE
-
\??\c:\028204.exec:\028204.exe42⤵
- Executes dropped EXE
-
\??\c:\rlffrrl.exec:\rlffrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\68868.exec:\68868.exe44⤵
- Executes dropped EXE
-
\??\c:\844626.exec:\844626.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrfxrr.exec:\ffrfxrr.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrxxxr.exec:\rlrxxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\64004.exec:\64004.exe48⤵
- Executes dropped EXE
-
\??\c:\fllfllf.exec:\fllfllf.exe49⤵
- Executes dropped EXE
-
\??\c:\i460006.exec:\i460006.exe50⤵
- Executes dropped EXE
-
\??\c:\42888.exec:\42888.exe51⤵
- Executes dropped EXE
-
\??\c:\88608.exec:\88608.exe52⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe53⤵
- Executes dropped EXE
-
\??\c:\64888.exec:\64888.exe54⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\0808260.exec:\0808260.exe57⤵
- Executes dropped EXE
-
\??\c:\xffxlfx.exec:\xffxlfx.exe58⤵
- Executes dropped EXE
-
\??\c:\1jjdj.exec:\1jjdj.exe59⤵
- Executes dropped EXE
-
\??\c:\664444.exec:\664444.exe60⤵
- Executes dropped EXE
-
\??\c:\bthbnt.exec:\bthbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\22242.exec:\22242.exe62⤵
- Executes dropped EXE
-
\??\c:\862044.exec:\862044.exe63⤵
- Executes dropped EXE
-
\??\c:\tbhhbh.exec:\tbhhbh.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxrrlf.exec:\xxxrrlf.exe65⤵
- Executes dropped EXE
-
\??\c:\00288.exec:\00288.exe66⤵
-
\??\c:\c260882.exec:\c260882.exe67⤵
-
\??\c:\8626666.exec:\8626666.exe68⤵
-
\??\c:\rxfhnhb.exec:\rxfhnhb.exe69⤵
-
\??\c:\vvddj.exec:\vvddj.exe70⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe71⤵
-
\??\c:\868226.exec:\868226.exe72⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe73⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe74⤵
-
\??\c:\40204.exec:\40204.exe75⤵
-
\??\c:\5dvjd.exec:\5dvjd.exe76⤵
-
\??\c:\484888.exec:\484888.exe77⤵
-
\??\c:\68486.exec:\68486.exe78⤵
-
\??\c:\a8860.exec:\a8860.exe79⤵
-
\??\c:\24042.exec:\24042.exe80⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe81⤵
-
\??\c:\62826.exec:\62826.exe82⤵
-
\??\c:\dvppv.exec:\dvppv.exe83⤵
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe84⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe85⤵
-
\??\c:\thntnn.exec:\thntnn.exe86⤵
-
\??\c:\5bhtnn.exec:\5bhtnn.exe87⤵
-
\??\c:\468282.exec:\468282.exe88⤵
-
\??\c:\a8664.exec:\a8664.exe89⤵
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe90⤵
-
\??\c:\u060482.exec:\u060482.exe91⤵
-
\??\c:\s2440.exec:\s2440.exe92⤵
-
\??\c:\c282048.exec:\c282048.exe93⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe94⤵
-
\??\c:\42060.exec:\42060.exe95⤵
-
\??\c:\608488.exec:\608488.exe96⤵
-
\??\c:\rllflll.exec:\rllflll.exe97⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe98⤵
-
\??\c:\rrlllrx.exec:\rrlllrx.exe99⤵
-
\??\c:\m8066.exec:\m8066.exe100⤵
-
\??\c:\440088.exec:\440088.exe101⤵
-
\??\c:\ntbthb.exec:\ntbthb.exe102⤵
-
\??\c:\rffxrll.exec:\rffxrll.exe103⤵
-
\??\c:\666660.exec:\666660.exe104⤵
-
\??\c:\66266.exec:\66266.exe105⤵
-
\??\c:\6066022.exec:\6066022.exe106⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe107⤵
-
\??\c:\0840844.exec:\0840844.exe108⤵
-
\??\c:\0804848.exec:\0804848.exe109⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe110⤵
-
\??\c:\668204.exec:\668204.exe111⤵
-
\??\c:\i842604.exec:\i842604.exe112⤵
-
\??\c:\468268.exec:\468268.exe113⤵
-
\??\c:\4826448.exec:\4826448.exe114⤵
-
\??\c:\82426.exec:\82426.exe115⤵
-
\??\c:\thbbnt.exec:\thbbnt.exe116⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe117⤵
-
\??\c:\8008064.exec:\8008064.exe118⤵
-
\??\c:\46226.exec:\46226.exe119⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe120⤵
-
\??\c:\a6260.exec:\a6260.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-