Resubmissions
03-09-2024 14:02
240903-rb57sazdqf 1003-09-2024 13:51
240903-q59avszclf 1002-09-2024 19:51
240902-yk8gtsxbpd 1002-09-2024 02:27
240902-cxh7tazflg 1002-09-2024 02:26
240902-cwxc2sygll 1021-06-2024 19:37
240621-yca7cszgnd 1009-06-2024 17:07
240609-vm7rjadd73 1013-05-2024 17:36
240513-v6qblafe3y 1012-05-2024 17:17
240512-vty3zafh5s 10Analysis
-
max time kernel
1800s -
max time network
1173s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10-05-2024 18:05
General
-
Target
Stealers/BlackMoon.exe
-
Size
387KB
-
MD5
336efa7460c08e3d47f29121742eb010
-
SHA1
f41c36cd83879d170309dede056563d35741b87b
-
SHA256
e6dd3fa33ad938b07c8978691f86b73e9f6fd84104b92f42566498bdb6b2930e
-
SHA512
e8d118fbe907a00d89c2514af4de475a0ea54943076bf90174234f77f2ec093a1246a0d4e78d1104a0dcda150b5441d28f4f3d1e768ecb20ae86383a99863c14
-
SSDEEP
12288:n3C9ytvngQjpUXoSWlnwJv90aKToFqwfN:SgdnJVU4TlnwJ6Goo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Stealers\BlackMoon.exe"C:\Users\Admin\AppData\Local\Temp\Stealers\BlackMoon.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvp.exec:\vppvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxfx.exec:\lrlfxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbt.exec:\ttttbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnhn.exec:\htnnhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppj.exec:\vjppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddd.exec:\pvddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvj.exec:\ppdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllfff.exec:\lfllfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbb.exec:\bnhhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfff.exec:\frrlfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrxlx.exec:\flxrxlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlffff.exec:\xrlffff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhnh.exec:\nnnhnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtttn.exec:\nbtttn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnhbh.exec:\3hnhbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffxfx.exec:\xxffxfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppp.exec:\ddppp.exe23⤵
- Executes dropped EXE
-
\??\c:\flrlfxx.exec:\flrlfxx.exe24⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\rfrrrff.exec:\rfrrrff.exe26⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrllll.exec:\rlrllll.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe30⤵
- Executes dropped EXE
-
\??\c:\9thhbb.exec:\9thhbb.exe31⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe32⤵
- Executes dropped EXE
-
\??\c:\5xlflrl.exec:\5xlflrl.exe33⤵
- Executes dropped EXE
-
\??\c:\dddjp.exec:\dddjp.exe34⤵
- Executes dropped EXE
-
\??\c:\1jdpj.exec:\1jdpj.exe35⤵
- Executes dropped EXE
-
\??\c:\1llfrrr.exec:\1llfrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnbtn.exec:\tnnbtn.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxfrxl.exec:\xlxfrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\1hnhnb.exec:\1hnhnb.exe40⤵
- Executes dropped EXE
-
\??\c:\hbnhtt.exec:\hbnhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\xrxrxrl.exec:\xrxrxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\tbnnhh.exec:\tbnnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe45⤵
- Executes dropped EXE
-
\??\c:\rlrrllf.exec:\rlrrllf.exe46⤵
- Executes dropped EXE
-
\??\c:\rllfxrl.exec:\rllfxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe48⤵
- Executes dropped EXE
-
\??\c:\3jpjd.exec:\3jpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe50⤵
- Executes dropped EXE
-
\??\c:\rrfxllf.exec:\rrfxllf.exe51⤵
- Executes dropped EXE
-
\??\c:\bnnhhb.exec:\bnnhhb.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe53⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe54⤵
- Executes dropped EXE
-
\??\c:\xlllffx.exec:\xlllffx.exe55⤵
- Executes dropped EXE
-
\??\c:\5hhhbh.exec:\5hhhbh.exe56⤵
- Executes dropped EXE
-
\??\c:\bhhthb.exec:\bhhthb.exe57⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe58⤵
- Executes dropped EXE
-
\??\c:\fflflfl.exec:\fflflfl.exe59⤵
- Executes dropped EXE
-
\??\c:\5flrrlf.exec:\5flrrlf.exe60⤵
- Executes dropped EXE
-
\??\c:\9hnhnn.exec:\9hnhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe62⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\1llfxxr.exec:\1llfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe66⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe67⤵
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe68⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe69⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe70⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe71⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe72⤵
-
\??\c:\xlrxlll.exec:\xlrxlll.exe73⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe74⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe75⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe76⤵
-
\??\c:\rrxxllf.exec:\rrxxllf.exe77⤵
-
\??\c:\1hbbbt.exec:\1hbbbt.exe78⤵
-
\??\c:\nbhtnn.exec:\nbhtnn.exe79⤵
-
\??\c:\pjddv.exec:\pjddv.exe80⤵
-
\??\c:\lrffxxr.exec:\lrffxxr.exe81⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe82⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe83⤵
-
\??\c:\9pdvd.exec:\9pdvd.exe84⤵
-
\??\c:\9xxrllf.exec:\9xxrllf.exe85⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe86⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe87⤵
-
\??\c:\dddvp.exec:\dddvp.exe88⤵
-
\??\c:\xffxrxr.exec:\xffxrxr.exe89⤵
-
\??\c:\rrlrxrf.exec:\rrlrxrf.exe90⤵
-
\??\c:\9nhbtn.exec:\9nhbtn.exe91⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe92⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe93⤵
-
\??\c:\rrlfrlf.exec:\rrlfrlf.exe94⤵
-
\??\c:\9tnnbb.exec:\9tnnbb.exe95⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe96⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe97⤵
-
\??\c:\xffxlll.exec:\xffxlll.exe98⤵
-
\??\c:\lxlxlxl.exec:\lxlxlxl.exe99⤵
-
\??\c:\htthtb.exec:\htthtb.exe100⤵
-
\??\c:\bhnbbb.exec:\bhnbbb.exe101⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe102⤵
-
\??\c:\9rlxrlx.exec:\9rlxrlx.exe103⤵
-
\??\c:\lxrllll.exec:\lxrllll.exe104⤵
-
\??\c:\5bbbtt.exec:\5bbbtt.exe105⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe106⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe107⤵
-
\??\c:\5lllfxx.exec:\5lllfxx.exe108⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe109⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe110⤵
-
\??\c:\jvppj.exec:\jvppj.exe111⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe112⤵
-
\??\c:\lxrrfxl.exec:\lxrrfxl.exe113⤵
-
\??\c:\1ththb.exec:\1ththb.exe114⤵
-
\??\c:\vdddv.exec:\vdddv.exe115⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe116⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe117⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe118⤵
-
\??\c:\5nhhhh.exec:\5nhhhh.exe119⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe120⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-