Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
19/05/2024, 21:16
General
-
Target
49cb1808fd24ce87d3537af04d433a694a8145a338790e8bce9a567f8e1ff6d5.exe
-
Size
70KB
-
MD5
773e13b8875d82638b269dfe57eee241
-
SHA1
e8a691cf28e0f8cf0a95cdd517f13c3248271b80
-
SHA256
49cb1808fd24ce87d3537af04d433a694a8145a338790e8bce9a567f8e1ff6d5
-
SHA512
3b65a2c80e55e938379846d3644e1c3a93711cd6b4f6dee89070dc495ab73db736a51b2352d62bb408614eabe3ef771e8db89f260f29ccff45d4308db668baa5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWS5:ymb3NkkiQ3mdBjFIynIK5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\49cb1808fd24ce87d3537af04d433a694a8145a338790e8bce9a567f8e1ff6d5.exe"C:\Users\Admin\AppData\Local\Temp\49cb1808fd24ce87d3537af04d433a694a8145a338790e8bce9a567f8e1ff6d5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bk9he7.exec:\bk9he7.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\66wtc9g.exec:\66wtc9g.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\59ja4c.exec:\59ja4c.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lol409.exec:\5lol409.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\81c1wb6.exec:\81c1wb6.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i2277f.exec:\i2277f.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bb497.exec:\bb497.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j58q46.exec:\j58q46.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\19km9.exec:\19km9.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\419665.exec:\419665.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bf91u1.exec:\5bf91u1.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0e55695.exec:\0e55695.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7r243.exec:\7r243.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0leurm1.exec:\0leurm1.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k0kcs.exec:\k0kcs.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2bn935o.exec:\2bn935o.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\is0gk7.exec:\is0gk7.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\89fp9.exec:\89fp9.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\508ec.exec:\508ec.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ds7p99.exec:\9ds7p99.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rddn0o.exec:\rddn0o.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d9c59.exec:\d9c59.exe23⤵
- Executes dropped EXE
-
\??\c:\0twi2.exec:\0twi2.exe24⤵
- Executes dropped EXE
-
\??\c:\1nn4u2.exec:\1nn4u2.exe25⤵
- Executes dropped EXE
-
\??\c:\o4973.exec:\o4973.exe26⤵
- Executes dropped EXE
-
\??\c:\fqf25s.exec:\fqf25s.exe27⤵
- Executes dropped EXE
-
\??\c:\1e9m9hh.exec:\1e9m9hh.exe28⤵
- Executes dropped EXE
-
\??\c:\fa8371k.exec:\fa8371k.exe29⤵
- Executes dropped EXE
-
\??\c:\i4iq80c.exec:\i4iq80c.exe30⤵
- Executes dropped EXE
-
\??\c:\q6s02f9.exec:\q6s02f9.exe31⤵
- Executes dropped EXE
-
\??\c:\v8oleq.exec:\v8oleq.exe32⤵
- Executes dropped EXE
-
\??\c:\68ve7c7.exec:\68ve7c7.exe33⤵
- Executes dropped EXE
-
\??\c:\g5977.exec:\g5977.exe34⤵
- Executes dropped EXE
-
\??\c:\103nqfm.exec:\103nqfm.exe35⤵
- Executes dropped EXE
-
\??\c:\2f55k.exec:\2f55k.exe36⤵
- Executes dropped EXE
-
\??\c:\d6v53.exec:\d6v53.exe37⤵
- Executes dropped EXE
-
\??\c:\jvmhui.exec:\jvmhui.exe38⤵
- Executes dropped EXE
-
\??\c:\nq32ak5.exec:\nq32ak5.exe39⤵
- Executes dropped EXE
-
\??\c:\9d588at.exec:\9d588at.exe40⤵
- Executes dropped EXE
-
\??\c:\15wrxd.exec:\15wrxd.exe41⤵
- Executes dropped EXE
-
\??\c:\3wb1135.exec:\3wb1135.exe42⤵
- Executes dropped EXE
-
\??\c:\2u30dj.exec:\2u30dj.exe43⤵
- Executes dropped EXE
-
\??\c:\ath1u.exec:\ath1u.exe44⤵
- Executes dropped EXE
-
\??\c:\u0s81.exec:\u0s81.exe45⤵
- Executes dropped EXE
-
\??\c:\5rptw9.exec:\5rptw9.exe46⤵
- Executes dropped EXE
-
\??\c:\g023c00.exec:\g023c00.exe47⤵
- Executes dropped EXE
-
\??\c:\599pd43.exec:\599pd43.exe48⤵
- Executes dropped EXE
-
\??\c:\84023r.exec:\84023r.exe49⤵
- Executes dropped EXE
-
\??\c:\us74g.exec:\us74g.exe50⤵
- Executes dropped EXE
-
\??\c:\27d22kh.exec:\27d22kh.exe51⤵
- Executes dropped EXE
-
\??\c:\638et.exec:\638et.exe52⤵
- Executes dropped EXE
-
\??\c:\9wu17u7.exec:\9wu17u7.exe53⤵
- Executes dropped EXE
-
\??\c:\dss2p.exec:\dss2p.exe54⤵
- Executes dropped EXE
-
\??\c:\m934xu.exec:\m934xu.exe55⤵
- Executes dropped EXE
-
\??\c:\r25p57.exec:\r25p57.exe56⤵
- Executes dropped EXE
-
\??\c:\4ck34k.exec:\4ck34k.exe57⤵
- Executes dropped EXE
-
\??\c:\t0c18.exec:\t0c18.exe58⤵
- Executes dropped EXE
-
\??\c:\wll1d.exec:\wll1d.exe59⤵
- Executes dropped EXE
-
\??\c:\2m8748.exec:\2m8748.exe60⤵
- Executes dropped EXE
-
\??\c:\p8t840.exec:\p8t840.exe61⤵
- Executes dropped EXE
-
\??\c:\c395830.exec:\c395830.exe62⤵
- Executes dropped EXE
-
\??\c:\34r131.exec:\34r131.exe63⤵
- Executes dropped EXE
-
\??\c:\dm2340.exec:\dm2340.exe64⤵
- Executes dropped EXE
-
\??\c:\q7ppkw.exec:\q7ppkw.exe65⤵
- Executes dropped EXE
-
\??\c:\2m15l3g.exec:\2m15l3g.exe66⤵
-
\??\c:\1ag97s.exec:\1ag97s.exe67⤵
-
\??\c:\6l25u.exec:\6l25u.exe68⤵
-
\??\c:\97d5oig.exec:\97d5oig.exe69⤵
-
\??\c:\q7s4wn.exec:\q7s4wn.exe70⤵
-
\??\c:\3fl752.exec:\3fl752.exe71⤵
-
\??\c:\h0io7.exec:\h0io7.exe72⤵
-
\??\c:\8oo4w.exec:\8oo4w.exe73⤵
-
\??\c:\qqa921x.exec:\qqa921x.exe74⤵
-
\??\c:\ueq56k.exec:\ueq56k.exe75⤵
-
\??\c:\247k95q.exec:\247k95q.exe76⤵
-
\??\c:\345d97.exec:\345d97.exe77⤵
-
\??\c:\17u41.exec:\17u41.exe78⤵
-
\??\c:\qtg6b.exec:\qtg6b.exe79⤵
-
\??\c:\0g9gb.exec:\0g9gb.exe80⤵
-
\??\c:\o6189e.exec:\o6189e.exe81⤵
-
\??\c:\59ku7.exec:\59ku7.exe82⤵
-
\??\c:\3w6h9.exec:\3w6h9.exe83⤵
-
\??\c:\x9w5u.exec:\x9w5u.exe84⤵
-
\??\c:\9233u62.exec:\9233u62.exe85⤵
-
\??\c:\ssvp33p.exec:\ssvp33p.exe86⤵
-
\??\c:\a6j9ek.exec:\a6j9ek.exe87⤵
-
\??\c:\6rawl.exec:\6rawl.exe88⤵
-
\??\c:\40rj8g9.exec:\40rj8g9.exe89⤵
-
\??\c:\36j3a.exec:\36j3a.exe90⤵
-
\??\c:\b217950.exec:\b217950.exe91⤵
-
\??\c:\66j33i8.exec:\66j33i8.exe92⤵
-
\??\c:\kucm3mk.exec:\kucm3mk.exe93⤵
-
\??\c:\9nec6.exec:\9nec6.exe94⤵
-
\??\c:\47m51.exec:\47m51.exe95⤵
-
\??\c:\8hkojec.exec:\8hkojec.exe96⤵
-
\??\c:\g04lu.exec:\g04lu.exe97⤵
-
\??\c:\12668mj.exec:\12668mj.exe98⤵
-
\??\c:\8922t3.exec:\8922t3.exe99⤵
-
\??\c:\kaa17.exec:\kaa17.exe100⤵
-
\??\c:\h604r.exec:\h604r.exe101⤵
-
\??\c:\t639i.exec:\t639i.exe102⤵
-
\??\c:\vpq8742.exec:\vpq8742.exe103⤵
-
\??\c:\4c6ux.exec:\4c6ux.exe104⤵
-
\??\c:\6834hdq.exec:\6834hdq.exe105⤵
-
\??\c:\07l5535.exec:\07l5535.exe106⤵
-
\??\c:\57565ag.exec:\57565ag.exe107⤵
-
\??\c:\4l692.exec:\4l692.exe108⤵
-
\??\c:\hh576.exec:\hh576.exe109⤵
-
\??\c:\5s40tv.exec:\5s40tv.exe110⤵
-
\??\c:\b9n55wh.exec:\b9n55wh.exe111⤵
-
\??\c:\hxoanoa.exec:\hxoanoa.exe112⤵
-
\??\c:\00ol1lb.exec:\00ol1lb.exe113⤵
-
\??\c:\3qimki4.exec:\3qimki4.exe114⤵
-
\??\c:\47g7i.exec:\47g7i.exe115⤵
-
\??\c:\02r87.exec:\02r87.exe116⤵
-
\??\c:\xif976.exec:\xif976.exe117⤵
-
\??\c:\537s3q.exec:\537s3q.exe118⤵
-
\??\c:\26s9u41.exec:\26s9u41.exe119⤵
-
\??\c:\i1o5a.exec:\i1o5a.exe120⤵
-
\??\c:\qquae.exec:\qquae.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-