Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22/05/2024, 04:05
General
-
Target
1a88fcf9b01109ee49ba5b0c3b38784ae50c2594fd47faff483a75b140e9f821.exe
-
Size
366KB
-
MD5
0d3bd255196d2cb03cb53f786b856300
-
SHA1
2eb54af4c2c04b9b8d88ccd84e05fc6da1263336
-
SHA256
1a88fcf9b01109ee49ba5b0c3b38784ae50c2594fd47faff483a75b140e9f821
-
SHA512
4ba1ff059bbf583520a8a7576d1d233e05f45054056f65c1be744392774c3de2b374f837bfbf27aaae8861afe51be71fceb20dbbad1093c314083a58531b1f66
-
SSDEEP
6144:n3C9BRo7tvnJ99T/KZEL3RUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFhy:n3C9ytvnVXFUXoSWlnwJv90aKToFqwf4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a88fcf9b01109ee49ba5b0c3b38784ae50c2594fd47faff483a75b140e9f821.exe"C:\Users\Admin\AppData\Local\Temp\1a88fcf9b01109ee49ba5b0c3b38784ae50c2594fd47faff483a75b140e9f821.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnlxx.exec:\hnlxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvtfh.exec:\jvtfh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrnfvjl.exec:\xrnfvjl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfjxhbv.exec:\jfjxhbv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdlfr.exec:\jdlfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vthfh.exec:\vthfh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxjdffr.exec:\fxjdffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrvvfx.exec:\fxrvvfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xltxf.exec:\xltxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfffvb.exec:\jfffvb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvtdn.exec:\jvtdn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xljfdl.exec:\xljfdl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnfbt.exec:\lnfbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htrfl.exec:\htrfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nftll.exec:\nftll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhjjbj.exec:\vhjjbj.exe17⤵
- Executes dropped EXE
-
\??\c:\phdlvx.exec:\phdlvx.exe18⤵
- Executes dropped EXE
-
\??\c:\bdrfj.exec:\bdrfj.exe19⤵
- Executes dropped EXE
-
\??\c:\jpvdxnl.exec:\jpvdxnl.exe20⤵
- Executes dropped EXE
-
\??\c:\ntlvfbj.exec:\ntlvfbj.exe21⤵
- Executes dropped EXE
-
\??\c:\lbrflxn.exec:\lbrflxn.exe22⤵
- Executes dropped EXE
-
\??\c:\lfhlbjv.exec:\lfhlbjv.exe23⤵
- Executes dropped EXE
-
\??\c:\vbptpp.exec:\vbptpp.exe24⤵
- Executes dropped EXE
-
\??\c:\vbjvr.exec:\vbjvr.exe25⤵
- Executes dropped EXE
-
\??\c:\jdnnrdv.exec:\jdnnrdv.exe26⤵
- Executes dropped EXE
-
\??\c:\tbppvj.exec:\tbppvj.exe27⤵
- Executes dropped EXE
-
\??\c:\ndxpnhl.exec:\ndxpnhl.exe28⤵
- Executes dropped EXE
-
\??\c:\nfxxl.exec:\nfxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\nvbljt.exec:\nvbljt.exe30⤵
- Executes dropped EXE
-
\??\c:\drrjvh.exec:\drrjvh.exe31⤵
- Executes dropped EXE
-
\??\c:\jdvbr.exec:\jdvbr.exe32⤵
- Executes dropped EXE
-
\??\c:\vhltdh.exec:\vhltdh.exe33⤵
- Executes dropped EXE
-
\??\c:\rrtfxdb.exec:\rrtfxdb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvrrndb.exec:\jvrrndb.exe35⤵
- Executes dropped EXE
-
\??\c:\jnldd.exec:\jnldd.exe36⤵
- Executes dropped EXE
-
\??\c:\hhxfrnr.exec:\hhxfrnr.exe37⤵
- Executes dropped EXE
-
\??\c:\brrlbvb.exec:\brrlbvb.exe38⤵
- Executes dropped EXE
-
\??\c:\tppjdrv.exec:\tppjdrv.exe39⤵
- Executes dropped EXE
-
\??\c:\bbrtn.exec:\bbrtn.exe40⤵
- Executes dropped EXE
-
\??\c:\tdxjnxj.exec:\tdxjnxj.exe41⤵
- Executes dropped EXE
-
\??\c:\hxfhfjx.exec:\hxfhfjx.exe42⤵
- Executes dropped EXE
-
\??\c:\dbhbbl.exec:\dbhbbl.exe43⤵
- Executes dropped EXE
-
\??\c:\ltvfx.exec:\ltvfx.exe44⤵
- Executes dropped EXE
-
\??\c:\bxxfjdt.exec:\bxxfjdt.exe45⤵
- Executes dropped EXE
-
\??\c:\hrdvrr.exec:\hrdvrr.exe46⤵
- Executes dropped EXE
-
\??\c:\htnfl.exec:\htnfl.exe47⤵
- Executes dropped EXE
-
\??\c:\vbnnb.exec:\vbnnb.exe48⤵
- Executes dropped EXE
-
\??\c:\lrjxrj.exec:\lrjxrj.exe49⤵
- Executes dropped EXE
-
\??\c:\phnfh.exec:\phnfh.exe50⤵
- Executes dropped EXE
-
\??\c:\ljndb.exec:\ljndb.exe51⤵
- Executes dropped EXE
-
\??\c:\nddhpvd.exec:\nddhpvd.exe52⤵
- Executes dropped EXE
-
\??\c:\lfbnnvn.exec:\lfbnnvn.exe53⤵
- Executes dropped EXE
-
\??\c:\xjvjnf.exec:\xjvjnf.exe54⤵
- Executes dropped EXE
-
\??\c:\bvjrxf.exec:\bvjrxf.exe55⤵
- Executes dropped EXE
-
\??\c:\xjnfd.exec:\xjnfd.exe56⤵
- Executes dropped EXE
-
\??\c:\tvfjfl.exec:\tvfjfl.exe57⤵
- Executes dropped EXE
-
\??\c:\pdtll.exec:\pdtll.exe58⤵
- Executes dropped EXE
-
\??\c:\htttfhv.exec:\htttfhv.exe59⤵
- Executes dropped EXE
-
\??\c:\tlpxbvd.exec:\tlpxbvd.exe60⤵
- Executes dropped EXE
-
\??\c:\rjbhnd.exec:\rjbhnd.exe61⤵
- Executes dropped EXE
-
\??\c:\tvhrbj.exec:\tvhrbj.exe62⤵
- Executes dropped EXE
-
\??\c:\hxfbfpt.exec:\hxfbfpt.exe63⤵
- Executes dropped EXE
-
\??\c:\vnrtj.exec:\vnrtj.exe64⤵
- Executes dropped EXE
-
\??\c:\lhfjhj.exec:\lhfjhj.exe65⤵
- Executes dropped EXE
-
\??\c:\pvxpp.exec:\pvxpp.exe66⤵
-
\??\c:\ddlbnv.exec:\ddlbnv.exe67⤵
-
\??\c:\drrxlr.exec:\drrxlr.exe68⤵
-
\??\c:\htxhj.exec:\htxhj.exe69⤵
-
\??\c:\prfxbtb.exec:\prfxbtb.exe70⤵
-
\??\c:\dvdpnh.exec:\dvdpnh.exe71⤵
-
\??\c:\bnvbx.exec:\bnvbx.exe72⤵
-
\??\c:\brjvpvv.exec:\brjvpvv.exe73⤵
-
\??\c:\blplv.exec:\blplv.exe74⤵
-
\??\c:\thvlltj.exec:\thvlltj.exe75⤵
-
\??\c:\htlft.exec:\htlft.exe76⤵
-
\??\c:\hpfrx.exec:\hpfrx.exe77⤵
-
\??\c:\ttbdx.exec:\ttbdx.exe78⤵
-
\??\c:\lfnlpbn.exec:\lfnlpbn.exe79⤵
-
\??\c:\rdffv.exec:\rdffv.exe80⤵
-
\??\c:\bnlvfvv.exec:\bnlvfvv.exe81⤵
-
\??\c:\tpvxbtf.exec:\tpvxbtf.exe82⤵
-
\??\c:\hbtfrdt.exec:\hbtfrdt.exe83⤵
-
\??\c:\ftlbpdh.exec:\ftlbpdh.exe84⤵
-
\??\c:\jxfftrt.exec:\jxfftrt.exe85⤵
-
\??\c:\rrxphrp.exec:\rrxphrp.exe86⤵
-
\??\c:\rrtvv.exec:\rrtvv.exe87⤵
-
\??\c:\rxbnnt.exec:\rxbnnt.exe88⤵
-
\??\c:\tfjhjrn.exec:\tfjhjrn.exe89⤵
-
\??\c:\rrvnj.exec:\rrvnj.exe90⤵
-
\??\c:\bjvfpb.exec:\bjvfpb.exe91⤵
-
\??\c:\rvjrfv.exec:\rvjrfv.exe92⤵
-
\??\c:\tlrrt.exec:\tlrrt.exe93⤵
-
\??\c:\nfxdr.exec:\nfxdr.exe94⤵
-
\??\c:\nvlvxpf.exec:\nvlvxpf.exe95⤵
-
\??\c:\ftdlrt.exec:\ftdlrt.exe96⤵
-
\??\c:\npxrb.exec:\npxrb.exe97⤵
-
\??\c:\tnvdnn.exec:\tnvdnn.exe98⤵
-
\??\c:\vnvbr.exec:\vnvbr.exe99⤵
-
\??\c:\nhtjl.exec:\nhtjl.exe100⤵
-
\??\c:\lblflb.exec:\lblflb.exe101⤵
-
\??\c:\dxbfbh.exec:\dxbfbh.exe102⤵
-
\??\c:\bbdhv.exec:\bbdhv.exe103⤵
-
\??\c:\dxjdxd.exec:\dxjdxd.exe104⤵
-
\??\c:\dnnbhh.exec:\dnnbhh.exe105⤵
-
\??\c:\dxvtt.exec:\dxvtt.exe106⤵
-
\??\c:\vphbh.exec:\vphbh.exe107⤵
-
\??\c:\jhxhrxl.exec:\jhxhrxl.exe108⤵
-
\??\c:\lxndf.exec:\lxndf.exe109⤵
-
\??\c:\nvtrvpf.exec:\nvtrvpf.exe110⤵
-
\??\c:\xdphhb.exec:\xdphhb.exe111⤵
-
\??\c:\nhbxt.exec:\nhbxt.exe112⤵
-
\??\c:\hnbrxb.exec:\hnbrxb.exe113⤵
-
\??\c:\bfxddp.exec:\bfxddp.exe114⤵
-
\??\c:\hnnrbnl.exec:\hnnrbnl.exe115⤵
-
\??\c:\rxjphnx.exec:\rxjphnx.exe116⤵
-
\??\c:\ndhlb.exec:\ndhlb.exe117⤵
-
\??\c:\dtttpxl.exec:\dtttpxl.exe118⤵
-
\??\c:\ffftd.exec:\ffftd.exe119⤵
-
\??\c:\fplfnt.exec:\fplfnt.exe120⤵
-
\??\c:\jvnrj.exec:\jvnrj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-