Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 17:58
General
-
Target
33b25ee1f0389cef0b6951efa1197bf1e83212501ebb8a4979b69a34c408b9fa.exe
-
Size
90KB
-
MD5
227ee42264ec7ed0e6eb5d39fbfe82b0
-
SHA1
89af0ee316315e2fb598f1050a5ff874128062d4
-
SHA256
33b25ee1f0389cef0b6951efa1197bf1e83212501ebb8a4979b69a34c408b9fa
-
SHA512
9b95031efa5db1df99ebd1e81bd0b001d21d56d35aa84159516662ebd08325eb645c2590de2ddbb47d08d78740461764e58a03270a47c28a94d20ddb588ca9e1
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWp5:8hOmTsF93UYfwC6GIout0fmCiiiXA6mb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\33b25ee1f0389cef0b6951efa1197bf1e83212501ebb8a4979b69a34c408b9fa.exe"C:\Users\Admin\AppData\Local\Temp\33b25ee1f0389cef0b6951efa1197bf1e83212501ebb8a4979b69a34c408b9fa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrfrxf.exec:\7xrfrxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttt.exec:\tnbttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjp.exec:\9pjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxrx.exec:\xlxxxrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnt.exec:\btttnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htthh.exec:\1htthh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrfffl.exec:\9lrfffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrxlr.exec:\xlxrxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnb.exec:\nbbbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlfllf.exec:\3rlfllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrxr.exec:\xrxrrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbnn.exec:\thbbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnhnn.exec:\7tnhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpd.exec:\djvpd.exe17⤵
- Executes dropped EXE
-
\??\c:\3xrxflx.exec:\3xrxflx.exe18⤵
- Executes dropped EXE
-
\??\c:\5ntnhn.exec:\5ntnhn.exe19⤵
- Executes dropped EXE
-
\??\c:\7btbht.exec:\7btbht.exe20⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe21⤵
- Executes dropped EXE
-
\??\c:\9xllrrx.exec:\9xllrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\1frrxxl.exec:\1frrxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe24⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrxlxx.exec:\fxrxlxx.exe26⤵
- Executes dropped EXE
-
\??\c:\frfrfff.exec:\frfrfff.exe27⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe28⤵
- Executes dropped EXE
-
\??\c:\nhnhtn.exec:\nhnhtn.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\fllrrxl.exec:\fllrrxl.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe32⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe33⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe34⤵
- Executes dropped EXE
-
\??\c:\fxrlllx.exec:\fxrlllx.exe35⤵
- Executes dropped EXE
-
\??\c:\9ttnbh.exec:\9ttnbh.exe36⤵
- Executes dropped EXE
-
\??\c:\thntbh.exec:\thntbh.exe37⤵
- Executes dropped EXE
-
\??\c:\jvpvv.exec:\jvpvv.exe38⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe39⤵
- Executes dropped EXE
-
\??\c:\fxffffl.exec:\fxffffl.exe40⤵
- Executes dropped EXE
-
\??\c:\7rfxxrf.exec:\7rfxxrf.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhhnh.exec:\nnhhnh.exe42⤵
- Executes dropped EXE
-
\??\c:\9nhbbh.exec:\9nhbbh.exe43⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxxxff.exec:\lfxxxff.exe45⤵
- Executes dropped EXE
-
\??\c:\rrllrlr.exec:\rrllrlr.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe47⤵
- Executes dropped EXE
-
\??\c:\nnbnnn.exec:\nnbnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\jvdpd.exec:\jvdpd.exe49⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe50⤵
- Executes dropped EXE
-
\??\c:\9fxxfxf.exec:\9fxxfxf.exe51⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe52⤵
- Executes dropped EXE
-
\??\c:\1thntt.exec:\1thntt.exe53⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe54⤵
- Executes dropped EXE
-
\??\c:\5rxrrlr.exec:\5rxrrlr.exe55⤵
- Executes dropped EXE
-
\??\c:\7frlfxr.exec:\7frlfxr.exe56⤵
- Executes dropped EXE
-
\??\c:\hbntbt.exec:\hbntbt.exe57⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe60⤵
- Executes dropped EXE
-
\??\c:\lxffrxf.exec:\lxffrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe62⤵
- Executes dropped EXE
-
\??\c:\flrrrrr.exec:\flrrrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\thntbh.exec:\thntbh.exe64⤵
- Executes dropped EXE
-
\??\c:\3tntnn.exec:\3tntnn.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe66⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe67⤵
-
\??\c:\7xlrxrf.exec:\7xlrxrf.exe68⤵
-
\??\c:\7hnnnh.exec:\7hnnnh.exe69⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe70⤵
-
\??\c:\3dvjp.exec:\3dvjp.exe71⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe72⤵
-
\??\c:\xxrlxrf.exec:\xxrlxrf.exe73⤵
-
\??\c:\9lflrrx.exec:\9lflrrx.exe74⤵
-
\??\c:\3nbbnn.exec:\3nbbnn.exe75⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe76⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe77⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe78⤵
-
\??\c:\fxlrxll.exec:\fxlrxll.exe79⤵
-
\??\c:\fxlfrxx.exec:\fxlfrxx.exe80⤵
-
\??\c:\9nbbnn.exec:\9nbbnn.exe81⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe82⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe83⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe84⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe85⤵
-
\??\c:\fxlllfl.exec:\fxlllfl.exe86⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe87⤵
-
\??\c:\5nnnbb.exec:\5nnnbb.exe88⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe89⤵
-
\??\c:\pppdj.exec:\pppdj.exe90⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe91⤵
-
\??\c:\ffrllrr.exec:\ffrllrr.exe92⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe93⤵
-
\??\c:\1nhhhn.exec:\1nhhhn.exe94⤵
-
\??\c:\pppjj.exec:\pppjj.exe95⤵
-
\??\c:\1dddj.exec:\1dddj.exe96⤵
-
\??\c:\frxlxxl.exec:\frxlxxl.exe97⤵
-
\??\c:\rlxflrf.exec:\rlxflrf.exe98⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe99⤵
-
\??\c:\3tntbn.exec:\3tntbn.exe100⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe101⤵
-
\??\c:\dvppj.exec:\dvppj.exe102⤵
-
\??\c:\lfrxxxf.exec:\lfrxxxf.exe103⤵
-
\??\c:\lxrrflx.exec:\lxrrflx.exe104⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe105⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe106⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe107⤵
-
\??\c:\rllrrxf.exec:\rllrrxf.exe108⤵
-
\??\c:\7frxflr.exec:\7frxflr.exe109⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe110⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe111⤵
-
\??\c:\7vpdd.exec:\7vpdd.exe112⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe113⤵
-
\??\c:\lxxxxfl.exec:\lxxxxfl.exe114⤵
-
\??\c:\3lflxxx.exec:\3lflxxx.exe115⤵
-
\??\c:\nbhtbb.exec:\nbhtbb.exe116⤵
-
\??\c:\7jjpp.exec:\7jjpp.exe117⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe118⤵
-
\??\c:\frxxfxr.exec:\frxxfxr.exe119⤵
-
\??\c:\fxrfffl.exec:\fxrfffl.exe120⤵
-
\??\c:\llxlrrx.exec:\llxlrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-