Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-05-2024 07:58
General
-
Target
24a47fd3806fbe678b579cf9b8d5fc9b19958db170ad648c6bc7f36bef1326fb.exe
-
Size
82KB
-
MD5
25d6411f8b6fc578d193e6ff1a239d80
-
SHA1
a6f92b357a21fabb781ef1cf80d6005fdb4cce8d
-
SHA256
24a47fd3806fbe678b579cf9b8d5fc9b19958db170ad648c6bc7f36bef1326fb
-
SHA512
1e66c73c41cf59e128da09bceb60f0089c99e00bc93c8a6267443bf60c84a8e796795f4156207589d5f59f0595163f191088b75389229abd374331ad4dcff343
-
SSDEEP
1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8AelS7/7VIQH2i:ChOmTsF93UYfwC6GIoutAe07zVIq7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 56 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24a47fd3806fbe678b579cf9b8d5fc9b19958db170ad648c6bc7f36bef1326fb.exe"C:\Users\Admin\AppData\Local\Temp\24a47fd3806fbe678b579cf9b8d5fc9b19958db170ad648c6bc7f36bef1326fb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lvhjr.exec:\lvhjr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhnrjp.exec:\lhnrjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxvrd.exec:\jxvrd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxxrfj.exec:\jxxrfj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brvpdf.exec:\brvpdf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trthbb.exec:\trthbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phlplj.exec:\phlplj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfpp.exec:\lxxfpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtbfvbj.exec:\vtbfvbj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bljffj.exec:\bljffj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lphvvlb.exec:\lphvvlb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxvjf.exec:\pxvjf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvdjnnt.exec:\hvdjnnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxtld.exec:\pxtld.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhxpnh.exec:\vhxpnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxlxpd.exec:\nxlxpd.exe17⤵
- Executes dropped EXE
-
\??\c:\hjdnt.exec:\hjdnt.exe18⤵
- Executes dropped EXE
-
\??\c:\jxhjlr.exec:\jxhjlr.exe19⤵
- Executes dropped EXE
-
\??\c:\lrnxlrv.exec:\lrnxlrv.exe20⤵
- Executes dropped EXE
-
\??\c:\xxnhbfj.exec:\xxnhbfj.exe21⤵
- Executes dropped EXE
-
\??\c:\dlpjlf.exec:\dlpjlf.exe22⤵
- Executes dropped EXE
-
\??\c:\btjdv.exec:\btjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\xjpll.exec:\xjpll.exe24⤵
- Executes dropped EXE
-
\??\c:\xbvfnlb.exec:\xbvfnlb.exe25⤵
- Executes dropped EXE
-
\??\c:\hnfjntx.exec:\hnfjntx.exe26⤵
- Executes dropped EXE
-
\??\c:\dbrbt.exec:\dbrbt.exe27⤵
- Executes dropped EXE
-
\??\c:\phbjn.exec:\phbjn.exe28⤵
- Executes dropped EXE
-
\??\c:\lvlnn.exec:\lvlnn.exe29⤵
- Executes dropped EXE
-
\??\c:\tjpbbx.exec:\tjpbbx.exe30⤵
- Executes dropped EXE
-
\??\c:\pbhlbtn.exec:\pbhlbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\fnvnbl.exec:\fnvnbl.exe32⤵
- Executes dropped EXE
-
\??\c:\tlndn.exec:\tlndn.exe33⤵
- Executes dropped EXE
-
\??\c:\lhvjvn.exec:\lhvjvn.exe34⤵
- Executes dropped EXE
-
\??\c:\jdbdf.exec:\jdbdf.exe35⤵
- Executes dropped EXE
-
\??\c:\bnvvpt.exec:\bnvvpt.exe36⤵
- Executes dropped EXE
-
\??\c:\jbjxtb.exec:\jbjxtb.exe37⤵
- Executes dropped EXE
-
\??\c:\tjfppxt.exec:\tjfppxt.exe38⤵
- Executes dropped EXE
-
\??\c:\tnfbl.exec:\tnfbl.exe39⤵
- Executes dropped EXE
-
\??\c:\pftvvhn.exec:\pftvvhn.exe40⤵
- Executes dropped EXE
-
\??\c:\brvvpjp.exec:\brvvpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\blvhlt.exec:\blvhlt.exe42⤵
- Executes dropped EXE
-
\??\c:\jlvrpjb.exec:\jlvrpjb.exe43⤵
- Executes dropped EXE
-
\??\c:\tnlrl.exec:\tnlrl.exe44⤵
- Executes dropped EXE
-
\??\c:\drpxlh.exec:\drpxlh.exe45⤵
- Executes dropped EXE
-
\??\c:\hbhxbhx.exec:\hbhxbhx.exe46⤵
- Executes dropped EXE
-
\??\c:\dhpvrtf.exec:\dhpvrtf.exe47⤵
- Executes dropped EXE
-
\??\c:\hvhdv.exec:\hvhdv.exe48⤵
- Executes dropped EXE
-
\??\c:\vtdbvjt.exec:\vtdbvjt.exe49⤵
- Executes dropped EXE
-
\??\c:\jlnhdjh.exec:\jlnhdjh.exe50⤵
- Executes dropped EXE
-
\??\c:\rxvxrxf.exec:\rxvxrxf.exe51⤵
- Executes dropped EXE
-
\??\c:\xpndjx.exec:\xpndjx.exe52⤵
- Executes dropped EXE
-
\??\c:\tlnbh.exec:\tlnbh.exe53⤵
- Executes dropped EXE
-
\??\c:\hpnxpdh.exec:\hpnxpdh.exe54⤵
- Executes dropped EXE
-
\??\c:\ftlfv.exec:\ftlfv.exe55⤵
- Executes dropped EXE
-
\??\c:\htjtljp.exec:\htjtljp.exe56⤵
- Executes dropped EXE
-
\??\c:\hxfxf.exec:\hxfxf.exe57⤵
- Executes dropped EXE
-
\??\c:\dxbtt.exec:\dxbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\jbdxhlp.exec:\jbdxhlp.exe59⤵
- Executes dropped EXE
-
\??\c:\llbhdbx.exec:\llbhdbx.exe60⤵
- Executes dropped EXE
-
\??\c:\ddxjd.exec:\ddxjd.exe61⤵
- Executes dropped EXE
-
\??\c:\rtpnhlt.exec:\rtpnhlt.exe62⤵
- Executes dropped EXE
-
\??\c:\xppnt.exec:\xppnt.exe63⤵
- Executes dropped EXE
-
\??\c:\bprhxf.exec:\bprhxf.exe64⤵
- Executes dropped EXE
-
\??\c:\vxtljdp.exec:\vxtljdp.exe65⤵
- Executes dropped EXE
-
\??\c:\ldnfnh.exec:\ldnfnh.exe66⤵
-
\??\c:\jdrtbd.exec:\jdrtbd.exe67⤵
-
\??\c:\ptfdhb.exec:\ptfdhb.exe68⤵
-
\??\c:\tdnvrxj.exec:\tdnvrxj.exe69⤵
-
\??\c:\hrrvntp.exec:\hrrvntp.exe70⤵
-
\??\c:\tlrfpl.exec:\tlrfpl.exe71⤵
-
\??\c:\xhjjfdp.exec:\xhjjfdp.exe72⤵
-
\??\c:\rbnfxff.exec:\rbnfxff.exe73⤵
-
\??\c:\xtnphlh.exec:\xtnphlh.exe74⤵
-
\??\c:\dxjbb.exec:\dxjbb.exe75⤵
-
\??\c:\fphbdnr.exec:\fphbdnr.exe76⤵
-
\??\c:\phtlx.exec:\phtlx.exe77⤵
-
\??\c:\dvfbdtd.exec:\dvfbdtd.exe78⤵
-
\??\c:\jrllv.exec:\jrllv.exe79⤵
-
\??\c:\jpvbd.exec:\jpvbd.exe80⤵
-
\??\c:\vdfnlpj.exec:\vdfnlpj.exe81⤵
-
\??\c:\xtdvb.exec:\xtdvb.exe82⤵
-
\??\c:\hdnjh.exec:\hdnjh.exe83⤵
-
\??\c:\dvnxb.exec:\dvnxb.exe84⤵
-
\??\c:\dnvljtr.exec:\dnvljtr.exe85⤵
-
\??\c:\jntdd.exec:\jntdd.exe86⤵
-
\??\c:\tvfljp.exec:\tvfljp.exe87⤵
-
\??\c:\nxfnrn.exec:\nxfnrn.exe88⤵
-
\??\c:\dtldtxn.exec:\dtldtxn.exe89⤵
-
\??\c:\hhprh.exec:\hhprh.exe90⤵
-
\??\c:\dvrtbx.exec:\dvrtbx.exe91⤵
-
\??\c:\fbhtdf.exec:\fbhtdf.exe92⤵
-
\??\c:\rbdbdx.exec:\rbdbdx.exe93⤵
-
\??\c:\vnfxvv.exec:\vnfxvv.exe94⤵
-
\??\c:\rbjhh.exec:\rbjhh.exe95⤵
-
\??\c:\frbjpp.exec:\frbjpp.exe96⤵
-
\??\c:\nftrt.exec:\nftrt.exe97⤵
-
\??\c:\jttvj.exec:\jttvj.exe98⤵
-
\??\c:\dnvlx.exec:\dnvlx.exe99⤵
-
\??\c:\ptprbtn.exec:\ptprbtn.exe100⤵
-
\??\c:\pdbdhff.exec:\pdbdhff.exe101⤵
-
\??\c:\xxdbjx.exec:\xxdbjx.exe102⤵
-
\??\c:\rddpp.exec:\rddpp.exe103⤵
-
\??\c:\jvhlvpl.exec:\jvhlvpl.exe104⤵
-
\??\c:\lfrxtr.exec:\lfrxtr.exe105⤵
-
\??\c:\lxtxdd.exec:\lxtxdd.exe106⤵
-
\??\c:\brjpld.exec:\brjpld.exe107⤵
-
\??\c:\jjtttbr.exec:\jjtttbr.exe108⤵
-
\??\c:\prrffrd.exec:\prrffrd.exe109⤵
-
\??\c:\bjbhh.exec:\bjbhh.exe110⤵
-
\??\c:\bjrdbff.exec:\bjrdbff.exe111⤵
-
\??\c:\tbbrj.exec:\tbbrj.exe112⤵
-
\??\c:\njvtblp.exec:\njvtblp.exe113⤵
-
\??\c:\ltbxxxn.exec:\ltbxxxn.exe114⤵
-
\??\c:\txdphll.exec:\txdphll.exe115⤵
-
\??\c:\bffbllr.exec:\bffbllr.exe116⤵
-
\??\c:\lnblnxj.exec:\lnblnxj.exe117⤵
-
\??\c:\ppprxp.exec:\ppprxp.exe118⤵
-
\??\c:\ptdhvbh.exec:\ptdhvbh.exe119⤵
-
\??\c:\nrfrb.exec:\nrfrb.exe120⤵
-
\??\c:\dnpbrj.exec:\dnpbrj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-