Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
22-05-2024 13:31
General
-
Target
33b25ee1f0389cef0b6951efa1197bf1e83212501ebb8a4979b69a34c408b9fa.exe
-
Size
90KB
-
MD5
227ee42264ec7ed0e6eb5d39fbfe82b0
-
SHA1
89af0ee316315e2fb598f1050a5ff874128062d4
-
SHA256
33b25ee1f0389cef0b6951efa1197bf1e83212501ebb8a4979b69a34c408b9fa
-
SHA512
9b95031efa5db1df99ebd1e81bd0b001d21d56d35aa84159516662ebd08325eb645c2590de2ddbb47d08d78740461764e58a03270a47c28a94d20ddb588ca9e1
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWp5:8hOmTsF93UYfwC6GIout0fmCiiiXA6mb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\33b25ee1f0389cef0b6951efa1197bf1e83212501ebb8a4979b69a34c408b9fa.exe"C:\Users\Admin\AppData\Local\Temp\33b25ee1f0389cef0b6951efa1197bf1e83212501ebb8a4979b69a34c408b9fa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnthh.exec:\ttnthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfllr.exec:\rrxfllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhnn.exec:\hhbhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbhh.exec:\nnhbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdjp.exec:\1vdjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxflr.exec:\xrlxflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnth.exec:\hhhnth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhttb.exec:\nbhttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdpv.exec:\7vdpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxxxxf.exec:\1fxxxxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfflf.exec:\lllfflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnhn.exec:\1bnnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjj.exec:\pvdjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxrxlx.exec:\5fxrxlx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbnbb.exec:\5bbnbb.exe17⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe18⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe19⤵
- Executes dropped EXE
-
\??\c:\3lrlxxl.exec:\3lrlxxl.exe20⤵
- Executes dropped EXE
-
\??\c:\3rfrrrf.exec:\3rfrrrf.exe21⤵
- Executes dropped EXE
-
\??\c:\bthbnt.exec:\bthbnt.exe22⤵
- Executes dropped EXE
-
\??\c:\dpjvv.exec:\dpjvv.exe23⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\rfxlrxf.exec:\rfxlrxf.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbnhn.exec:\nnbnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\5hbhnb.exec:\5hbhnb.exe27⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe29⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe30⤵
- Executes dropped EXE
-
\??\c:\9ntntb.exec:\9ntntb.exe31⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe32⤵
- Executes dropped EXE
-
\??\c:\rlflxxl.exec:\rlflxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\5fxflrf.exec:\5fxflrf.exe34⤵
- Executes dropped EXE
-
\??\c:\5bnbnn.exec:\5bnbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\9nhtbt.exec:\9nhtbt.exe36⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe37⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe38⤵
- Executes dropped EXE
-
\??\c:\fflrxfl.exec:\fflrxfl.exe39⤵
- Executes dropped EXE
-
\??\c:\nnbhtt.exec:\nnbhtt.exe40⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\9ddjj.exec:\9ddjj.exe42⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrrrxl.exec:\xxrrrxl.exe44⤵
- Executes dropped EXE
-
\??\c:\xlfxflx.exec:\xlfxflx.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnthh.exec:\tnnthh.exe46⤵
- Executes dropped EXE
-
\??\c:\3nnhtt.exec:\3nnhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\7jvpp.exec:\7jvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe49⤵
- Executes dropped EXE
-
\??\c:\frflxrr.exec:\frflxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\rrllrxf.exec:\rrllrxf.exe51⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\7pjpd.exec:\7pjpd.exe53⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe54⤵
- Executes dropped EXE
-
\??\c:\7xlrxxf.exec:\7xlrxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\ffxrxfr.exec:\ffxrxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\btnhnt.exec:\btnhnt.exe57⤵
- Executes dropped EXE
-
\??\c:\bbtbnh.exec:\bbtbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe59⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe60⤵
- Executes dropped EXE
-
\??\c:\1rfflxf.exec:\1rfflxf.exe61⤵
- Executes dropped EXE
-
\??\c:\1fxfrrx.exec:\1fxfrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe63⤵
- Executes dropped EXE
-
\??\c:\bbnbnn.exec:\bbnbnn.exe64⤵
- Executes dropped EXE
-
\??\c:\5vjpv.exec:\5vjpv.exe65⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe66⤵
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe67⤵
-
\??\c:\7bttbn.exec:\7bttbn.exe68⤵
-
\??\c:\hnhbbn.exec:\hnhbbn.exe69⤵
-
\??\c:\3vpjp.exec:\3vpjp.exe70⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe71⤵
-
\??\c:\9llrxfl.exec:\9llrxfl.exe72⤵
-
\??\c:\rlrxllr.exec:\rlrxllr.exe73⤵
-
\??\c:\1nhhtt.exec:\1nhhtt.exe74⤵
-
\??\c:\hhbbhb.exec:\hhbbhb.exe75⤵
-
\??\c:\9jvjv.exec:\9jvjv.exe76⤵
-
\??\c:\jvddp.exec:\jvddp.exe77⤵
-
\??\c:\rflrfxx.exec:\rflrfxx.exe78⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe79⤵
-
\??\c:\3ntnhn.exec:\3ntnhn.exe80⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe81⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe82⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe83⤵
-
\??\c:\1xlfrxf.exec:\1xlfrxf.exe84⤵
-
\??\c:\3ffxllx.exec:\3ffxllx.exe85⤵
-
\??\c:\9bbhtb.exec:\9bbhtb.exe86⤵
-
\??\c:\tntntt.exec:\tntntt.exe87⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe88⤵
-
\??\c:\7lflxfr.exec:\7lflxfr.exe89⤵
-
\??\c:\1xxfllr.exec:\1xxfllr.exe90⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe91⤵
-
\??\c:\jppjp.exec:\jppjp.exe92⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe93⤵
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe94⤵
-
\??\c:\5bnbnt.exec:\5bnbnt.exe95⤵
-
\??\c:\bttttn.exec:\bttttn.exe96⤵
-
\??\c:\9pjpv.exec:\9pjpv.exe97⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe98⤵
-
\??\c:\3fxflrl.exec:\3fxflrl.exe99⤵
-
\??\c:\fxllxxr.exec:\fxllxxr.exe100⤵
-
\??\c:\bnhnbh.exec:\bnhnbh.exe101⤵
-
\??\c:\tnbnhh.exec:\tnbnhh.exe102⤵
-
\??\c:\7vjvp.exec:\7vjvp.exe103⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe104⤵
-
\??\c:\fxxlflx.exec:\fxxlflx.exe105⤵
-
\??\c:\1bnhhh.exec:\1bnhhh.exe106⤵
-
\??\c:\tthbtb.exec:\tthbtb.exe107⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe108⤵
-
\??\c:\ddddd.exec:\ddddd.exe109⤵
-
\??\c:\flfllxf.exec:\flfllxf.exe110⤵
-
\??\c:\frxxfxf.exec:\frxxfxf.exe111⤵
-
\??\c:\hhtbnb.exec:\hhtbnb.exe112⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe113⤵
-
\??\c:\vpddv.exec:\vpddv.exe114⤵
-
\??\c:\pdppv.exec:\pdppv.exe115⤵
-
\??\c:\5xrlrrx.exec:\5xrlrrx.exe116⤵
-
\??\c:\7hhthn.exec:\7hhthn.exe117⤵
-
\??\c:\tbbhth.exec:\tbbhth.exe118⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe119⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe120⤵
-
\??\c:\lflrrrx.exec:\lflrrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-