Analysis
-
max time kernel
79s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24-04-2024 13:46
General
-
Target
1e08076473ed665039288f72e6cbf235e77c294f51e13532caa7a6106ac327e0.exe
-
Size
65KB
-
MD5
4653cf22acfbe2373964547c2320eca1
-
SHA1
96bb491966b58b02d8b16b104af0f09fb074ac74
-
SHA256
1e08076473ed665039288f72e6cbf235e77c294f51e13532caa7a6106ac327e0
-
SHA512
226c4349d50d20882d2d3efbb503fed225631e3857a76d69a66c408ef413ec763d6e1b2654a98d1ad888d7f65f80ae20681d59b8a4dc277a098054690d5696ef
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AyXmhx:ymb3NkkiQ3mdBjFI46TQyXmhx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
UPX dump on OEP (original entry point) 59 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e08076473ed665039288f72e6cbf235e77c294f51e13532caa7a6106ac327e0.exe"C:\Users\Admin\AppData\Local\Temp\1e08076473ed665039288f72e6cbf235e77c294f51e13532caa7a6106ac327e0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbfrhb.exec:\bbfrhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdlxbd.exec:\rdlxbd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdnbx.exec:\pdnbx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdjlfh.exec:\rdjlfh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxtrt.exec:\lxtrt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flhbl.exec:\flhbl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjbvpj.exec:\tjbvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnrjf.exec:\tnrjf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txnhvtd.exec:\txnhvtd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfdbtr.exec:\tfdbtr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpdjn.exec:\tpdjn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhdpfnx.exec:\lhdpfnx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djblpl.exec:\djblpl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjnfx.exec:\vvjjnfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrvlx.exec:\vrvlx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxtvvbp.exec:\vxtvvbp.exe17⤵
- Executes dropped EXE
-
\??\c:\fjjnfv.exec:\fjjnfv.exe18⤵
- Executes dropped EXE
-
\??\c:\hxjtbr.exec:\hxjtbr.exe19⤵
- Executes dropped EXE
-
\??\c:\plvxhp.exec:\plvxhp.exe20⤵
- Executes dropped EXE
-
\??\c:\vjdpbb.exec:\vjdpbb.exe21⤵
- Executes dropped EXE
-
\??\c:\rjfttvf.exec:\rjfttvf.exe22⤵
- Executes dropped EXE
-
\??\c:\lpbxnrn.exec:\lpbxnrn.exe23⤵
- Executes dropped EXE
-
\??\c:\dnptx.exec:\dnptx.exe24⤵
- Executes dropped EXE
-
\??\c:\drdjfrr.exec:\drdjfrr.exe25⤵
- Executes dropped EXE
-
\??\c:\tndfpnh.exec:\tndfpnh.exe26⤵
- Executes dropped EXE
-
\??\c:\rlnfvhl.exec:\rlnfvhl.exe27⤵
- Executes dropped EXE
-
\??\c:\jhptnbp.exec:\jhptnbp.exe28⤵
- Executes dropped EXE
-
\??\c:\xjlxh.exec:\xjlxh.exe29⤵
- Executes dropped EXE
-
\??\c:\hphhb.exec:\hphhb.exe30⤵
- Executes dropped EXE
-
\??\c:\tvjjffl.exec:\tvjjffl.exe31⤵
- Executes dropped EXE
-
\??\c:\rhvfp.exec:\rhvfp.exe32⤵
- Executes dropped EXE
-
\??\c:\prhvhft.exec:\prhvhft.exe33⤵
- Executes dropped EXE
-
\??\c:\nxbdvvl.exec:\nxbdvvl.exe34⤵
- Executes dropped EXE
-
\??\c:\rrtnr.exec:\rrtnr.exe35⤵
- Executes dropped EXE
-
\??\c:\rjphd.exec:\rjphd.exe36⤵
- Executes dropped EXE
-
\??\c:\fvtrphd.exec:\fvtrphd.exe37⤵
- Executes dropped EXE
-
\??\c:\plbnpd.exec:\plbnpd.exe38⤵
- Executes dropped EXE
-
\??\c:\jpvtlpl.exec:\jpvtlpl.exe39⤵
- Executes dropped EXE
-
\??\c:\dlpdlv.exec:\dlpdlv.exe40⤵
- Executes dropped EXE
-
\??\c:\hxtlx.exec:\hxtlx.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhvblv.exec:\nnhvblv.exe42⤵
- Executes dropped EXE
-
\??\c:\fnntxd.exec:\fnntxd.exe43⤵
- Executes dropped EXE
-
\??\c:\lrpnjt.exec:\lrpnjt.exe44⤵
- Executes dropped EXE
-
\??\c:\vljhx.exec:\vljhx.exe45⤵
- Executes dropped EXE
-
\??\c:\xhpfjjr.exec:\xhpfjjr.exe46⤵
- Executes dropped EXE
-
\??\c:\pbbnt.exec:\pbbnt.exe47⤵
- Executes dropped EXE
-
\??\c:\djjlh.exec:\djjlh.exe48⤵
- Executes dropped EXE
-
\??\c:\pbnffth.exec:\pbnffth.exe49⤵
- Executes dropped EXE
-
\??\c:\pthvd.exec:\pthvd.exe50⤵
- Executes dropped EXE
-
\??\c:\ddjrp.exec:\ddjrp.exe51⤵
- Executes dropped EXE
-
\??\c:\rvdtnll.exec:\rvdtnll.exe52⤵
- Executes dropped EXE
-
\??\c:\dvvxdh.exec:\dvvxdh.exe53⤵
- Executes dropped EXE
-
\??\c:\dvrhdt.exec:\dvrhdt.exe54⤵
- Executes dropped EXE
-
\??\c:\hrjhprh.exec:\hrjhprh.exe55⤵
- Executes dropped EXE
-
\??\c:\dxhnbr.exec:\dxhnbr.exe56⤵
- Executes dropped EXE
-
\??\c:\xnfjntt.exec:\xnfjntt.exe57⤵
- Executes dropped EXE
-
\??\c:\bvtbbb.exec:\bvtbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\dnjvtbj.exec:\dnjvtbj.exe59⤵
- Executes dropped EXE
-
\??\c:\bfjrfp.exec:\bfjrfp.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjhp.exec:\ppjhp.exe61⤵
- Executes dropped EXE
-
\??\c:\jttnf.exec:\jttnf.exe62⤵
- Executes dropped EXE
-
\??\c:\pjrhtrh.exec:\pjrhtrh.exe63⤵
- Executes dropped EXE
-
\??\c:\vvxbrnd.exec:\vvxbrnd.exe64⤵
- Executes dropped EXE
-
\??\c:\rlvxpt.exec:\rlvxpt.exe65⤵
- Executes dropped EXE
-
\??\c:\xvlxjnx.exec:\xvlxjnx.exe66⤵
-
\??\c:\jbpdv.exec:\jbpdv.exe67⤵
-
\??\c:\txbdb.exec:\txbdb.exe68⤵
-
\??\c:\xjvpfvl.exec:\xjvpfvl.exe69⤵
-
\??\c:\jrrvll.exec:\jrrvll.exe70⤵
-
\??\c:\jxvxttl.exec:\jxvxttl.exe71⤵
-
\??\c:\hxhlpfd.exec:\hxhlpfd.exe72⤵
-
\??\c:\vfjldn.exec:\vfjldn.exe73⤵
-
\??\c:\fpdblj.exec:\fpdblj.exe74⤵
-
\??\c:\tfvjjbf.exec:\tfvjjbf.exe75⤵
-
\??\c:\bnbld.exec:\bnbld.exe76⤵
-
\??\c:\tdvjvf.exec:\tdvjvf.exe77⤵
-
\??\c:\ldfnb.exec:\ldfnb.exe78⤵
-
\??\c:\fvtvh.exec:\fvtvh.exe79⤵
-
\??\c:\prvbv.exec:\prvbv.exe80⤵
-
\??\c:\ffhnffr.exec:\ffhnffr.exe81⤵
-
\??\c:\nbbffj.exec:\nbbffj.exe82⤵
-
\??\c:\jhvxnhh.exec:\jhvxnhh.exe83⤵
-
\??\c:\ndvxtld.exec:\ndvxtld.exe84⤵
-
\??\c:\vlxfpl.exec:\vlxfpl.exe85⤵
-
\??\c:\flllhxb.exec:\flllhxb.exe86⤵
-
\??\c:\bfrfl.exec:\bfrfl.exe87⤵
-
\??\c:\tflltpn.exec:\tflltpn.exe88⤵
-
\??\c:\vvrbd.exec:\vvrbd.exe89⤵
-
\??\c:\lbfvhr.exec:\lbfvhr.exe90⤵
-
\??\c:\pjhrrnv.exec:\pjhrrnv.exe91⤵
-
\??\c:\dffrrt.exec:\dffrrt.exe92⤵
-
\??\c:\ldvdbnn.exec:\ldvdbnn.exe93⤵
-
\??\c:\nnjlb.exec:\nnjlb.exe94⤵
-
\??\c:\tdhnpnv.exec:\tdhnpnv.exe95⤵
-
\??\c:\dnnjrf.exec:\dnnjrf.exe96⤵
-
\??\c:\ttbvfdd.exec:\ttbvfdd.exe97⤵
-
\??\c:\rlxrb.exec:\rlxrb.exe98⤵
-
\??\c:\xfhjt.exec:\xfhjt.exe99⤵
-
\??\c:\rldvd.exec:\rldvd.exe100⤵
-
\??\c:\fjbrnd.exec:\fjbrnd.exe101⤵
-
\??\c:\bdbnpnf.exec:\bdbnpnf.exe102⤵
-
\??\c:\vtfnptr.exec:\vtfnptr.exe103⤵
-
\??\c:\txfldd.exec:\txfldd.exe104⤵
-
\??\c:\rplhnp.exec:\rplhnp.exe105⤵
-
\??\c:\txjphp.exec:\txjphp.exe106⤵
-
\??\c:\prlvfdv.exec:\prlvfdv.exe107⤵
-
\??\c:\tvvtptn.exec:\tvvtptn.exe108⤵
-
\??\c:\nfdlj.exec:\nfdlj.exe109⤵
-
\??\c:\vdtphnd.exec:\vdtphnd.exe110⤵
-
\??\c:\fltnjdv.exec:\fltnjdv.exe111⤵
-
\??\c:\jttjn.exec:\jttjn.exe112⤵
-
\??\c:\xvvpj.exec:\xvvpj.exe113⤵
-
\??\c:\nthjl.exec:\nthjl.exe114⤵
-
\??\c:\trlvd.exec:\trlvd.exe115⤵
-
\??\c:\dvrpntx.exec:\dvrpntx.exe116⤵
-
\??\c:\lxxrdxn.exec:\lxxrdxn.exe117⤵
-
\??\c:\bvlrl.exec:\bvlrl.exe118⤵
-
\??\c:\bbxfrl.exec:\bbxfrl.exe119⤵
-
\??\c:\hdhbhhh.exec:\hdhbhhh.exe120⤵
-
\??\c:\vbdlfhn.exec:\vbdlfhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-