Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
13-05-2024 18:07
General
-
Target
019c23e895fb69020ea6e5589a91d052e76a2c03c77ce9c838ec75e7846f8f31.exe
-
Size
335KB
-
MD5
b765d95bee1ac2a7b853cadfcbca8518
-
SHA1
edeede86753f5a2d33360281c9d10ced1b8ed163
-
SHA256
019c23e895fb69020ea6e5589a91d052e76a2c03c77ce9c838ec75e7846f8f31
-
SHA512
4e8686faf4fef7605e52b8ebe6a55ac7799fc6244a0b78f61e7571717805da3ebd639d9bb6f625b2112a98b17f612954ab0e283e4509a28cf7fe0f9daf4a2cb6
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LCgnilBxBqwZK2q6sYTsmZDSFdBE0rXE4eftYDH8:n3C9BRo/CEilXBG2qZSlSFdBXExtYDH8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\019c23e895fb69020ea6e5589a91d052e76a2c03c77ce9c838ec75e7846f8f31.exe"C:\Users\Admin\AppData\Local\Temp\019c23e895fb69020ea6e5589a91d052e76a2c03c77ce9c838ec75e7846f8f31.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnbt.exec:\ttbnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpdp.exec:\5vpdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlxrf.exec:\flxlxrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbbt.exec:\nnbbbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddpp.exec:\1ddpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxxlx.exec:\flrxxlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrlxl.exec:\xrlrlxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhtht.exec:\hnhtht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtnh.exec:\hthtnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtn.exec:\bnhbtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdp.exec:\pdvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdpj.exec:\dpdpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrflxl.exec:\xlrflxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrfrf.exec:\7fxrfrf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxffrr.exec:\lrxffrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnb.exec:\bnnbnb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjvd.exec:\5pjvd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpd.exec:\vddpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxllxx.exec:\lrxllxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbnbn.exec:\7hbnbn.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\1dpdp.exec:\1dpdp.exe25⤵
- Executes dropped EXE
-
\??\c:\xfxlxlx.exec:\xfxlxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\1nbnhb.exec:\1nbnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\3nnbth.exec:\3nnbth.exe28⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe29⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe30⤵
- Executes dropped EXE
-
\??\c:\7fxfrxl.exec:\7fxfrxl.exe31⤵
- Executes dropped EXE
-
\??\c:\ntthth.exec:\ntthth.exe32⤵
- Executes dropped EXE
-
\??\c:\bnbnbt.exec:\bnbnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\pvpdd.exec:\pvpdd.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxflfr.exec:\ffxflfr.exe35⤵
- Executes dropped EXE
-
\??\c:\llfrlfr.exec:\llfrlfr.exe36⤵
- Executes dropped EXE
-
\??\c:\1hhnbn.exec:\1hhnbn.exe37⤵
- Executes dropped EXE
-
\??\c:\9pjvj.exec:\9pjvj.exe38⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe39⤵
- Executes dropped EXE
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe40⤵
- Executes dropped EXE
-
\??\c:\rrrfrlx.exec:\rrrfrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\bhhthb.exec:\bhhthb.exe42⤵
- Executes dropped EXE
-
\??\c:\3jpjp.exec:\3jpjp.exe43⤵
- Executes dropped EXE
-
\??\c:\lxlxrlx.exec:\lxlxrlx.exe44⤵
- Executes dropped EXE
-
\??\c:\fxfllfl.exec:\fxfllfl.exe45⤵
- Executes dropped EXE
-
\??\c:\nththb.exec:\nththb.exe46⤵
- Executes dropped EXE
-
\??\c:\vddjp.exec:\vddjp.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\1rlrfxl.exec:\1rlrfxl.exe49⤵
- Executes dropped EXE
-
\??\c:\bthtnb.exec:\bthtnb.exe50⤵
- Executes dropped EXE
-
\??\c:\5thnbt.exec:\5thnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\9pppd.exec:\9pppd.exe52⤵
- Executes dropped EXE
-
\??\c:\jpjvj.exec:\jpjvj.exe53⤵
- Executes dropped EXE
-
\??\c:\flfrfrf.exec:\flfrfrf.exe54⤵
- Executes dropped EXE
-
\??\c:\9nbnbn.exec:\9nbnbn.exe55⤵
- Executes dropped EXE
-
\??\c:\nbthth.exec:\nbthth.exe56⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\jppvj.exec:\jppvj.exe58⤵
- Executes dropped EXE
-
\??\c:\rxrfrlx.exec:\rxrfrlx.exe59⤵
- Executes dropped EXE
-
\??\c:\flfrfrf.exec:\flfrfrf.exe60⤵
- Executes dropped EXE
-
\??\c:\hbbnhh.exec:\hbbnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\5bbnbt.exec:\5bbnbt.exe62⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe64⤵
- Executes dropped EXE
-
\??\c:\rlflxlx.exec:\rlflxlx.exe65⤵
- Executes dropped EXE
-
\??\c:\5fxlxxl.exec:\5fxlxxl.exe66⤵
-
\??\c:\hbnbnn.exec:\hbnbnn.exe67⤵
-
\??\c:\vvppv.exec:\vvppv.exe68⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe69⤵
-
\??\c:\rxrfrlx.exec:\rxrfrlx.exe70⤵
-
\??\c:\rrxxrrl.exec:\rrxxrrl.exe71⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe72⤵
-
\??\c:\bnnthh.exec:\bnnthh.exe73⤵
-
\??\c:\7hhnbt.exec:\7hhnbt.exe74⤵
-
\??\c:\7ppdd.exec:\7ppdd.exe75⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe76⤵
-
\??\c:\xxfrfxf.exec:\xxfrfxf.exe77⤵
-
\??\c:\frfrfrl.exec:\frfrfrl.exe78⤵
-
\??\c:\htbnhb.exec:\htbnhb.exe79⤵
-
\??\c:\hnnbtb.exec:\hnnbtb.exe80⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe81⤵
-
\??\c:\dppdp.exec:\dppdp.exe82⤵
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe83⤵
-
\??\c:\rrlfrll.exec:\rrlfrll.exe84⤵
-
\??\c:\hnhbnh.exec:\hnhbnh.exe85⤵
-
\??\c:\7bbbtt.exec:\7bbbtt.exe86⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe87⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe88⤵
-
\??\c:\lrxlxfl.exec:\lrxlxfl.exe89⤵
-
\??\c:\rfxlflf.exec:\rfxlflf.exe90⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe91⤵
-
\??\c:\ttnhbt.exec:\ttnhbt.exe92⤵
-
\??\c:\3dvjv.exec:\3dvjv.exe93⤵
-
\??\c:\xxlfxrr.exec:\xxlfxrr.exe94⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe95⤵
-
\??\c:\9rrlxxl.exec:\9rrlxxl.exe96⤵
-
\??\c:\hnhbth.exec:\hnhbth.exe97⤵
-
\??\c:\llxxrlf.exec:\llxxrlf.exe98⤵
-
\??\c:\ffxxxfl.exec:\ffxxxfl.exe99⤵
-
\??\c:\hhhbnb.exec:\hhhbnb.exe100⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe101⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe102⤵
-
\??\c:\djdpv.exec:\djdpv.exe103⤵
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe104⤵
-
\??\c:\xllfrlf.exec:\xllfrlf.exe105⤵
-
\??\c:\thnbnb.exec:\thnbnb.exe106⤵
-
\??\c:\bnhthb.exec:\bnhthb.exe107⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe108⤵
-
\??\c:\djpdp.exec:\djpdp.exe109⤵
-
\??\c:\7rfrfxl.exec:\7rfrfxl.exe110⤵
-
\??\c:\rrxfxfr.exec:\rrxfxfr.exe111⤵
-
\??\c:\bbbhbn.exec:\bbbhbn.exe112⤵
-
\??\c:\bhhtnh.exec:\bhhtnh.exe113⤵
-
\??\c:\1jjdd.exec:\1jjdd.exe114⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe115⤵
-
\??\c:\1rffrlr.exec:\1rffrlr.exe116⤵
-
\??\c:\rrxlxlf.exec:\rrxlxlf.exe117⤵
-
\??\c:\9nhtht.exec:\9nhtht.exe118⤵
-
\??\c:\btthtn.exec:\btthtn.exe119⤵
-
\??\c:\9vpdp.exec:\9vpdp.exe120⤵
-
\??\c:\rrrflfr.exec:\rrrflfr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-