Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
19-05-2024 10:20
General
-
Target
49dd87bf9edc1f76a03a42644bdbe304e308ee5a1c9c0200cfb026d6e0ebf7b6.exe
-
Size
73KB
-
MD5
0a7a399e48a235cfc1ff92e152af1f00
-
SHA1
b4916d1f22c1cebbca40e8c03f35abb87ecc9360
-
SHA256
49dd87bf9edc1f76a03a42644bdbe304e308ee5a1c9c0200cfb026d6e0ebf7b6
-
SHA512
a224947809ce22c4f311db1ef27dce5e93c48d966d99a08b5001a520f99b2b0d18f616937885dff84731ba98737d4a31d46e10658e7df2cc3d00ff240111060e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKeWqNSU:ymb3NkkiQ3mdBjFIjek5x
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\49dd87bf9edc1f76a03a42644bdbe304e308ee5a1c9c0200cfb026d6e0ebf7b6.exe"C:\Users\Admin\AppData\Local\Temp\49dd87bf9edc1f76a03a42644bdbe304e308ee5a1c9c0200cfb026d6e0ebf7b6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrxl.exec:\lfxxrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnbnt.exec:\7bnbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvvp.exec:\9vvvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxllx.exec:\xxlxllx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rllrrx.exec:\9rllrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbht.exec:\nhnbht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvp.exec:\vdvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffllxx.exec:\fffllxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxfrx.exec:\ffrxfrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bthnh.exec:\3bthnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdp.exec:\dppdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fffflr.exec:\5fffflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbnn.exec:\hbtbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvvd.exec:\3jvvd.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxfllr.exec:\lfxfllr.exe18⤵
- Executes dropped EXE
-
\??\c:\7frxfff.exec:\7frxfff.exe19⤵
- Executes dropped EXE
-
\??\c:\3thntb.exec:\3thntb.exe20⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe21⤵
- Executes dropped EXE
-
\??\c:\3pppp.exec:\3pppp.exe22⤵
- Executes dropped EXE
-
\??\c:\rflfrxf.exec:\rflfrxf.exe23⤵
- Executes dropped EXE
-
\??\c:\xlflrrf.exec:\xlflrrf.exe24⤵
- Executes dropped EXE
-
\??\c:\7thnbb.exec:\7thnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\llxlfrr.exec:\llxlfrr.exe28⤵
- Executes dropped EXE
-
\??\c:\hbnhnn.exec:\hbnhnn.exe29⤵
- Executes dropped EXE
-
\??\c:\5jddj.exec:\5jddj.exe30⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe31⤵
- Executes dropped EXE
-
\??\c:\lffrxfl.exec:\lffrxfl.exe32⤵
- Executes dropped EXE
-
\??\c:\hbnttb.exec:\hbnttb.exe33⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe34⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxllxf.exec:\rlxllxf.exe36⤵
- Executes dropped EXE
-
\??\c:\7xlrllx.exec:\7xlrllx.exe37⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe38⤵
- Executes dropped EXE
-
\??\c:\3thbtb.exec:\3thbtb.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe40⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\rfrxffl.exec:\rfrxffl.exe42⤵
- Executes dropped EXE
-
\??\c:\rlfxlrx.exec:\rlfxlrx.exe43⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe44⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe45⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe46⤵
- Executes dropped EXE
-
\??\c:\1dvdd.exec:\1dvdd.exe47⤵
- Executes dropped EXE
-
\??\c:\fxllxrf.exec:\fxllxrf.exe48⤵
- Executes dropped EXE
-
\??\c:\lxfrlxx.exec:\lxfrlxx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhttbh.exec:\nhttbh.exe50⤵
- Executes dropped EXE
-
\??\c:\hbbbhn.exec:\hbbbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe52⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlxrrf.exec:\fxlxrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\xfxrfxf.exec:\xfxrfxf.exe55⤵
- Executes dropped EXE
-
\??\c:\5thntn.exec:\5thntn.exe56⤵
- Executes dropped EXE
-
\??\c:\3btbhh.exec:\3btbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\7htbnn.exec:\7htbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe59⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe60⤵
- Executes dropped EXE
-
\??\c:\3ddvd.exec:\3ddvd.exe61⤵
- Executes dropped EXE
-
\??\c:\rflxrfl.exec:\rflxrfl.exe62⤵
- Executes dropped EXE
-
\??\c:\rlfrffr.exec:\rlfrffr.exe63⤵
- Executes dropped EXE
-
\??\c:\btbhbb.exec:\btbhbb.exe64⤵
- Executes dropped EXE
-
\??\c:\9tntbb.exec:\9tntbb.exe65⤵
- Executes dropped EXE
-
\??\c:\7vvdd.exec:\7vvdd.exe66⤵
-
\??\c:\pdppj.exec:\pdppj.exe67⤵
-
\??\c:\lxlxffr.exec:\lxlxffr.exe68⤵
-
\??\c:\fxfflfl.exec:\fxfflfl.exe69⤵
-
\??\c:\ththnt.exec:\ththnt.exe70⤵
-
\??\c:\hnhtnn.exec:\hnhtnn.exe71⤵
-
\??\c:\3vppj.exec:\3vppj.exe72⤵
-
\??\c:\vjddj.exec:\vjddj.exe73⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe74⤵
-
\??\c:\lflfflr.exec:\lflfflr.exe75⤵
-
\??\c:\rlrxffl.exec:\rlrxffl.exe76⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe77⤵
-
\??\c:\9bbnhh.exec:\9bbnhh.exe78⤵
-
\??\c:\5vddj.exec:\5vddj.exe79⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe80⤵
-
\??\c:\lfrrllr.exec:\lfrrllr.exe81⤵
-
\??\c:\frflxxf.exec:\frflxxf.exe82⤵
-
\??\c:\1bbnhb.exec:\1bbnhb.exe83⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe84⤵
-
\??\c:\dvppp.exec:\dvppp.exe85⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe86⤵
-
\??\c:\fxllrlr.exec:\fxllrlr.exe87⤵
-
\??\c:\1frrxxx.exec:\1frrxxx.exe88⤵
-
\??\c:\1hbhbt.exec:\1hbhbt.exe89⤵
-
\??\c:\5hbbhh.exec:\5hbbhh.exe90⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe91⤵
-
\??\c:\5ppjj.exec:\5ppjj.exe92⤵
-
\??\c:\rrflflx.exec:\rrflflx.exe93⤵
-
\??\c:\lfflrlr.exec:\lfflrlr.exe94⤵
-
\??\c:\7hnhnn.exec:\7hnhnn.exe95⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe96⤵
-
\??\c:\1pddj.exec:\1pddj.exe97⤵
-
\??\c:\3ppdv.exec:\3ppdv.exe98⤵
-
\??\c:\7rllllr.exec:\7rllllr.exe99⤵
-
\??\c:\llfllrf.exec:\llfllrf.exe100⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe101⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe102⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe103⤵
-
\??\c:\7jjpd.exec:\7jjpd.exe104⤵
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe105⤵
-
\??\c:\fxlrffx.exec:\fxlrffx.exe106⤵
-
\??\c:\rxrffxf.exec:\rxrffxf.exe107⤵
-
\??\c:\bthbtn.exec:\bthbtn.exe108⤵
-
\??\c:\9htthh.exec:\9htthh.exe109⤵
-
\??\c:\vppjv.exec:\vppjv.exe110⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe111⤵
-
\??\c:\xfrrxxl.exec:\xfrrxxl.exe112⤵
-
\??\c:\lflrrxl.exec:\lflrrxl.exe113⤵
-
\??\c:\5tntnn.exec:\5tntnn.exe114⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe115⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe116⤵
-
\??\c:\vpddd.exec:\vpddd.exe117⤵
-
\??\c:\llllflx.exec:\llllflx.exe118⤵
-
\??\c:\fxlxfxl.exec:\fxlxfxl.exe119⤵
-
\??\c:\bththh.exec:\bththh.exe120⤵
-
\??\c:\7nbntt.exec:\7nbntt.exe121⤵
-
\??\c:\bnthhh.exec:\bnthhh.exe122⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe123⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe124⤵
-
\??\c:\lxffffl.exec:\lxffffl.exe125⤵
-
\??\c:\xrflffr.exec:\xrflffr.exe126⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe127⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe128⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe129⤵
-
\??\c:\lfrrrll.exec:\lfrrrll.exe130⤵
-
\??\c:\rfxfxxf.exec:\rfxfxxf.exe131⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe132⤵
-
\??\c:\9nbtbb.exec:\9nbtbb.exe133⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe134⤵
-
\??\c:\pdppd.exec:\pdppd.exe135⤵
-
\??\c:\rlfrlxl.exec:\rlfrlxl.exe136⤵
-
\??\c:\rfxfrrx.exec:\rfxfrrx.exe137⤵
-
\??\c:\5ttthh.exec:\5ttthh.exe138⤵
-
\??\c:\5tbnhh.exec:\5tbnhh.exe139⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe140⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe141⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe142⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe143⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe144⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe145⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe146⤵
-
\??\c:\5vjvj.exec:\5vjvj.exe147⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe148⤵
-
\??\c:\9frlrrf.exec:\9frlrrf.exe149⤵
-
\??\c:\bnhntb.exec:\bnhntb.exe150⤵
-
\??\c:\bthntb.exec:\bthntb.exe151⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe152⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe153⤵
-
\??\c:\rllxrxf.exec:\rllxrxf.exe154⤵
-
\??\c:\xlxlfxf.exec:\xlxlfxf.exe155⤵
-
\??\c:\fxxlxxf.exec:\fxxlxxf.exe156⤵
-
\??\c:\hbthhh.exec:\hbthhh.exe157⤵
-
\??\c:\3btbnt.exec:\3btbnt.exe158⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe159⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe160⤵
-
\??\c:\5xxfrrx.exec:\5xxfrrx.exe161⤵
-
\??\c:\rfrxffl.exec:\rfrxffl.exe162⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe163⤵
-
\??\c:\5btthn.exec:\5btthn.exe164⤵
-
\??\c:\dvddp.exec:\dvddp.exe165⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe166⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe167⤵
-
\??\c:\llxfxfl.exec:\llxfxfl.exe168⤵
-
\??\c:\rflrflx.exec:\rflrflx.exe169⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe170⤵
-
\??\c:\bnbnnt.exec:\bnbnnt.exe171⤵
-
\??\c:\5vpvj.exec:\5vpvj.exe172⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe173⤵
-
\??\c:\lxlxxfr.exec:\lxlxxfr.exe174⤵
-
\??\c:\1frxllr.exec:\1frxllr.exe175⤵
-
\??\c:\nbtthh.exec:\nbtthh.exe176⤵
-
\??\c:\btbnbt.exec:\btbnbt.exe177⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe178⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe179⤵
-
\??\c:\rlllxff.exec:\rlllxff.exe180⤵
-
\??\c:\xlrrllr.exec:\xlrrllr.exe181⤵
-
\??\c:\ththtb.exec:\ththtb.exe182⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe183⤵
-
\??\c:\9tnthn.exec:\9tnthn.exe184⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe185⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe186⤵
-
\??\c:\rlrrflr.exec:\rlrrflr.exe187⤵
-
\??\c:\frfrffl.exec:\frfrffl.exe188⤵
-
\??\c:\nbnntn.exec:\nbnntn.exe189⤵
-
\??\c:\7nnbhn.exec:\7nnbhn.exe190⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe191⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe192⤵
-
\??\c:\rfrxlrf.exec:\rfrxlrf.exe193⤵
-
\??\c:\rrlrlrl.exec:\rrlrlrl.exe194⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe195⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe196⤵
-
\??\c:\bbnttt.exec:\bbnttt.exe197⤵
-
\??\c:\jddjd.exec:\jddjd.exe198⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe199⤵
-
\??\c:\lxlrxfr.exec:\lxlrxfr.exe200⤵
-
\??\c:\lfxfrrl.exec:\lfxfrrl.exe201⤵
-
\??\c:\9tntbb.exec:\9tntbb.exe202⤵
-
\??\c:\tthhnh.exec:\tthhnh.exe203⤵
-
\??\c:\7tnntt.exec:\7tnntt.exe204⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe205⤵
-
\??\c:\9vpvj.exec:\9vpvj.exe206⤵
-
\??\c:\frlllfl.exec:\frlllfl.exe207⤵
-
\??\c:\5lrrfxf.exec:\5lrrfxf.exe208⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe209⤵
-
\??\c:\nhhthh.exec:\nhhthh.exe210⤵
-
\??\c:\1pddj.exec:\1pddj.exe211⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe212⤵
-
\??\c:\5dvdv.exec:\5dvdv.exe213⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe214⤵
-
\??\c:\nbnnbt.exec:\nbnnbt.exe215⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe216⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe217⤵
-
\??\c:\rrlxxfr.exec:\rrlxxfr.exe218⤵
-
\??\c:\lxrxlff.exec:\lxrxlff.exe219⤵
-
\??\c:\btbnnh.exec:\btbnnh.exe220⤵
-
\??\c:\thhhnh.exec:\thhhnh.exe221⤵
-
\??\c:\3ppvv.exec:\3ppvv.exe222⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe223⤵
-
\??\c:\rllllrf.exec:\rllllrf.exe224⤵
-
\??\c:\rlxfrfr.exec:\rlxfrfr.exe225⤵
-
\??\c:\7hnthb.exec:\7hnthb.exe226⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe227⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe228⤵
-
\??\c:\7dpvj.exec:\7dpvj.exe229⤵
-
\??\c:\lxllffl.exec:\lxllffl.exe230⤵
-
\??\c:\7lxflll.exec:\7lxflll.exe231⤵
-
\??\c:\lxllrrx.exec:\lxllrrx.exe232⤵
-
\??\c:\9bhbbt.exec:\9bhbbt.exe233⤵
-
\??\c:\5htthh.exec:\5htthh.exe234⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe235⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe236⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe237⤵
-
\??\c:\rlrfrrf.exec:\rlrfrrf.exe238⤵
-
\??\c:\3hhnbb.exec:\3hhnbb.exe239⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe240⤵
-
\??\c:\3pdjp.exec:\3pdjp.exe241⤵