Resubmissions
03-09-2024 14:02
240903-rb57sazdqf 1003-09-2024 13:51
240903-q59avszclf 1002-09-2024 19:51
240902-yk8gtsxbpd 1002-09-2024 02:27
240902-cxh7tazflg 1002-09-2024 02:26
240902-cwxc2sygll 1021-06-2024 19:37
240621-yca7cszgnd 1009-06-2024 17:07
240609-vm7rjadd73 1013-05-2024 17:36
240513-v6qblafe3y 1012-05-2024 17:17
240512-vty3zafh5s 10Analysis
-
max time kernel
105s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
13-05-2024 17:36
General
-
Target
Stealers/BlackMoon.exe
-
Size
387KB
-
MD5
336efa7460c08e3d47f29121742eb010
-
SHA1
f41c36cd83879d170309dede056563d35741b87b
-
SHA256
e6dd3fa33ad938b07c8978691f86b73e9f6fd84104b92f42566498bdb6b2930e
-
SHA512
e8d118fbe907a00d89c2514af4de475a0ea54943076bf90174234f77f2ec093a1246a0d4e78d1104a0dcda150b5441d28f4f3d1e768ecb20ae86383a99863c14
-
SSDEEP
12288:n3C9ytvngQjpUXoSWlnwJv90aKToFqwfN:SgdnJVU4TlnwJ6Goo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Stealers\BlackMoon.exe"C:\Users\Admin\AppData\Local\Temp\Stealers\BlackMoon.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvj.exec:\pvjvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhh.exec:\nttnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffrlfx.exec:\3ffrlfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbttn.exec:\3bbttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrrl.exec:\fffxrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9htbnt.exec:\9htbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhn.exec:\bthhhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrlll.exec:\ffxrlll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxfxrl.exec:\rxxfxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvp.exec:\jpvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrrlf.exec:\fffrrlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvp.exec:\vjpvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrrrr.exec:\lllrrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttttt.exec:\tttttt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvj.exec:\vvpvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflffxx.exec:\xflffxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbthh.exec:\ntbthh.exe23⤵
- Executes dropped EXE
-
\??\c:\5bnhtt.exec:\5bnhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\1nnhtt.exec:\1nnhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\bhttnn.exec:\bhttnn.exe26⤵
- Executes dropped EXE
-
\??\c:\ffffxrl.exec:\ffffxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe29⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbhbh.exec:\hhbhbh.exe31⤵
- Executes dropped EXE
-
\??\c:\xxxrxrr.exec:\xxxrxrr.exe32⤵
- Executes dropped EXE
-
\??\c:\bhttbb.exec:\bhttbb.exe33⤵
- Executes dropped EXE
-
\??\c:\5xffrrl.exec:\5xffrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\xxffffx.exec:\xxffffx.exe37⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\xflfrrl.exec:\xflfrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\tnntht.exec:\tnntht.exe43⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe44⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe45⤵
- Executes dropped EXE
-
\??\c:\fxxxxrr.exec:\fxxxxrr.exe46⤵
- Executes dropped EXE
-
\??\c:\9btntt.exec:\9btntt.exe47⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\rlrxlrr.exec:\rlrxlrr.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrfxlf.exec:\lfrfxlf.exe50⤵
- Executes dropped EXE
-
\??\c:\7ntnnn.exec:\7ntnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe52⤵
- Executes dropped EXE
-
\??\c:\lffxxrr.exec:\lffxxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\fxxxrxr.exec:\fxxxrxr.exe54⤵
- Executes dropped EXE
-
\??\c:\7bhbtt.exec:\7bhbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\7tnhbb.exec:\7tnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\3dddd.exec:\3dddd.exe57⤵
- Executes dropped EXE
-
\??\c:\5xfffff.exec:\5xfffff.exe58⤵
- Executes dropped EXE
-
\??\c:\rrlfffx.exec:\rrlfffx.exe59⤵
- Executes dropped EXE
-
\??\c:\1bnntb.exec:\1bnntb.exe60⤵
- Executes dropped EXE
-
\??\c:\9tnnth.exec:\9tnnth.exe61⤵
- Executes dropped EXE
-
\??\c:\9vvpp.exec:\9vvpp.exe62⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxrrrl.exec:\rlxrrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\btnnnh.exec:\btnnnh.exe65⤵
- Executes dropped EXE
-
\??\c:\7nhbtn.exec:\7nhbtn.exe66⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe67⤵
-
\??\c:\7xxrllf.exec:\7xxrllf.exe68⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe69⤵
-
\??\c:\7nnntb.exec:\7nnntb.exe70⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe71⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe72⤵
-
\??\c:\llrrrrl.exec:\llrrrrl.exe73⤵
-
\??\c:\llrlfxr.exec:\llrlfxr.exe74⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe75⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe76⤵
-
\??\c:\rlllflf.exec:\rlllflf.exe77⤵
-
\??\c:\llrlffr.exec:\llrlffr.exe78⤵
-
\??\c:\hhnnhb.exec:\hhnnhb.exe79⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe80⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe81⤵
-
\??\c:\xrxrlxr.exec:\xrxrlxr.exe82⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe83⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe84⤵
-
\??\c:\1djjj.exec:\1djjj.exe85⤵
-
\??\c:\7llxrlr.exec:\7llxrlr.exe86⤵
-
\??\c:\rxlfxrr.exec:\rxlfxrr.exe87⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe88⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe89⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe90⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe91⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe92⤵
-
\??\c:\frxlfxr.exec:\frxlfxr.exe93⤵
-
\??\c:\hbbhbt.exec:\hbbhbt.exe94⤵
-
\??\c:\7nttnn.exec:\7nttnn.exe95⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe96⤵
-
\??\c:\lxffxff.exec:\lxffxff.exe97⤵
-
\??\c:\1ffxlll.exec:\1ffxlll.exe98⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe99⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe100⤵
-
\??\c:\jpddd.exec:\jpddd.exe101⤵
-
\??\c:\ffrrffr.exec:\ffrrffr.exe102⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe103⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe104⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe105⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe106⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe107⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe108⤵
-
\??\c:\vppdv.exec:\vppdv.exe109⤵
-
\??\c:\xlxxxrl.exec:\xlxxxrl.exe110⤵
-
\??\c:\ththbb.exec:\ththbb.exe111⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe112⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe113⤵
-
\??\c:\9flfllr.exec:\9flfllr.exe114⤵
-
\??\c:\7thbtt.exec:\7thbtt.exe115⤵
-
\??\c:\vddjp.exec:\vddjp.exe116⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe117⤵
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe118⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe119⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe120⤵
-
\??\c:\3llfllx.exec:\3llfllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-