Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
24-05-2024 19:41
General
-
Target
24896a3962bfa3d4bb08e19e37333a9ce805732775de765bfa139db3cc65789a.exe
-
Size
363KB
-
MD5
56a0d8a45e882c0208ffce6f971c91cc
-
SHA1
353677c3ccd3cdd708874a6963e0871abb7c57bf
-
SHA256
24896a3962bfa3d4bb08e19e37333a9ce805732775de765bfa139db3cc65789a
-
SHA512
e810be0f58b2681e9fd2aae6418b48706a4c824e3812912083b01a66339093c426c7433ef58ba93319b00c7dadad7768ff2fbbe12141f6a9a4e950e0d9bd3bc8
-
SSDEEP
6144:9cm4FmowdHoSdSyEAxyx/ZrTTr4qIMgE8Z:/4wFHoSQuxy3rTXIM18Z
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24896a3962bfa3d4bb08e19e37333a9ce805732775de765bfa139db3cc65789a.exe"C:\Users\Admin\AppData\Local\Temp\24896a3962bfa3d4bb08e19e37333a9ce805732775de765bfa139db3cc65789a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxxffl.exec:\1lxxffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxllf.exec:\xfrxllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbbb.exec:\bttbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpvv.exec:\3dpvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxrrf.exec:\llrxrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhtbh.exec:\9hhtbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvp.exec:\vppvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffllx.exec:\lxffllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlxf.exec:\fxrxlxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btbhn.exec:\3btbhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvvj.exec:\7pvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxrlx.exec:\fflxrlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbnb.exec:\ttbbnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhth.exec:\bnhhth.exe17⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe18⤵
- Executes dropped EXE
-
\??\c:\lfrflrx.exec:\lfrflrx.exe19⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe20⤵
- Executes dropped EXE
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe21⤵
- Executes dropped EXE
-
\??\c:\lfxxffr.exec:\lfxxffr.exe22⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe23⤵
- Executes dropped EXE
-
\??\c:\7vppv.exec:\7vppv.exe24⤵
- Executes dropped EXE
-
\??\c:\1rfxllr.exec:\1rfxllr.exe25⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe26⤵
- Executes dropped EXE
-
\??\c:\bththt.exec:\bththt.exe27⤵
- Executes dropped EXE
-
\??\c:\5tttbb.exec:\5tttbb.exe28⤵
- Executes dropped EXE
-
\??\c:\xxlrffr.exec:\xxlrffr.exe29⤵
- Executes dropped EXE
-
\??\c:\xxlxlfl.exec:\xxlxlfl.exe30⤵
- Executes dropped EXE
-
\??\c:\hthnbb.exec:\hthnbb.exe31⤵
- Executes dropped EXE
-
\??\c:\9djdd.exec:\9djdd.exe32⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe33⤵
- Executes dropped EXE
-
\??\c:\3vddp.exec:\3vddp.exe34⤵
- Executes dropped EXE
-
\??\c:\3jvvd.exec:\3jvvd.exe35⤵
- Executes dropped EXE
-
\??\c:\xxrxffl.exec:\xxrxffl.exe36⤵
- Executes dropped EXE
-
\??\c:\7bbhtb.exec:\7bbhtb.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe38⤵
- Executes dropped EXE
-
\??\c:\frlffxf.exec:\frlffxf.exe39⤵
- Executes dropped EXE
-
\??\c:\fxlxflr.exec:\fxlxflr.exe40⤵
- Executes dropped EXE
-
\??\c:\5thntt.exec:\5thntt.exe41⤵
- Executes dropped EXE
-
\??\c:\7jvdj.exec:\7jvdj.exe42⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe44⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\bthhtb.exec:\bthhtb.exe46⤵
- Executes dropped EXE
-
\??\c:\9pvvd.exec:\9pvvd.exe47⤵
- Executes dropped EXE
-
\??\c:\3vjjv.exec:\3vjjv.exe48⤵
- Executes dropped EXE
-
\??\c:\3lflrrr.exec:\3lflrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\nhbbbb.exec:\nhbbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe52⤵
- Executes dropped EXE
-
\??\c:\xrlfffl.exec:\xrlfffl.exe53⤵
- Executes dropped EXE
-
\??\c:\lfrxxxl.exec:\lfrxxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\nbtnhn.exec:\nbtnhn.exe55⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrxxxf.exec:\fxrxxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\1nhntb.exec:\1nhntb.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe61⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe62⤵
- Executes dropped EXE
-
\??\c:\lllxlrl.exec:\lllxlrl.exe63⤵
- Executes dropped EXE
-
\??\c:\7rlrxff.exec:\7rlrxff.exe64⤵
- Executes dropped EXE
-
\??\c:\9bttbb.exec:\9bttbb.exe65⤵
- Executes dropped EXE
-
\??\c:\1jvvv.exec:\1jvvv.exe66⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe67⤵
-
\??\c:\lxllxxf.exec:\lxllxxf.exe68⤵
-
\??\c:\hbbbth.exec:\hbbbth.exe69⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe70⤵
-
\??\c:\5vjjp.exec:\5vjjp.exe71⤵
-
\??\c:\3rrrllr.exec:\3rrrllr.exe72⤵
-
\??\c:\hhthtt.exec:\hhthtt.exe73⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe74⤵
-
\??\c:\7vddp.exec:\7vddp.exe75⤵
-
\??\c:\1xrrrll.exec:\1xrrrll.exe76⤵
-
\??\c:\7fllxrx.exec:\7fllxrx.exe77⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe78⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe79⤵
-
\??\c:\3vjdj.exec:\3vjdj.exe80⤵
-
\??\c:\5fffllx.exec:\5fffllx.exe81⤵
-
\??\c:\5lxrxfr.exec:\5lxrxfr.exe82⤵
-
\??\c:\1tbttn.exec:\1tbttn.exe83⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe84⤵
-
\??\c:\7lrrlfl.exec:\7lrrlfl.exe85⤵
-
\??\c:\lxllrxf.exec:\lxllrxf.exe86⤵
-
\??\c:\bntbbt.exec:\bntbbt.exe87⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe88⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe89⤵
-
\??\c:\1xrlrrx.exec:\1xrlrrx.exe90⤵
-
\??\c:\frxxxrx.exec:\frxxxrx.exe91⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe92⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe93⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe94⤵
-
\??\c:\3xrlrrx.exec:\3xrlrrx.exe95⤵
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe96⤵
-
\??\c:\5btbtt.exec:\5btbtt.exe97⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe98⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe99⤵
-
\??\c:\rlffrrx.exec:\rlffrrx.exe100⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe101⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe102⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe103⤵
-
\??\c:\1jddj.exec:\1jddj.exe104⤵
-
\??\c:\5xxxflr.exec:\5xxxflr.exe105⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe106⤵
-
\??\c:\7bnhnn.exec:\7bnhnn.exe107⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe108⤵
-
\??\c:\xrflrxr.exec:\xrflrxr.exe109⤵
-
\??\c:\5rrrrxf.exec:\5rrrrxf.exe110⤵
-
\??\c:\hbnthb.exec:\hbnthb.exe111⤵
-
\??\c:\btbthb.exec:\btbthb.exe112⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe113⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe114⤵
-
\??\c:\5xfrrrx.exec:\5xfrrrx.exe115⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe116⤵
-
\??\c:\1tbbhh.exec:\1tbbhh.exe117⤵
-
\??\c:\pdppv.exec:\pdppv.exe118⤵
-
\??\c:\lfxrffl.exec:\lfxrffl.exe119⤵
-
\??\c:\3frrxxf.exec:\3frrxxf.exe120⤵
-
\??\c:\7tbbbb.exec:\7tbbbb.exe121⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe122⤵
-
\??\c:\jdppv.exec:\jdppv.exe123⤵
-
\??\c:\fxrrflx.exec:\fxrrflx.exe124⤵
-
\??\c:\7xllrrx.exec:\7xllrrx.exe125⤵
-
\??\c:\bnbhtb.exec:\bnbhtb.exe126⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe127⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe128⤵
-
\??\c:\9rxrlll.exec:\9rxrlll.exe129⤵
-
\??\c:\9xffrxf.exec:\9xffrxf.exe130⤵
-
\??\c:\hnhnnn.exec:\hnhnnn.exe131⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe132⤵
-
\??\c:\1djjj.exec:\1djjj.exe133⤵
-
\??\c:\fxlfffl.exec:\fxlfffl.exe134⤵
-
\??\c:\rrllrxx.exec:\rrllrxx.exe135⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe136⤵
-
\??\c:\7nhhnn.exec:\7nhhnn.exe137⤵
-
\??\c:\1pjpd.exec:\1pjpd.exe138⤵
-
\??\c:\llffllx.exec:\llffllx.exe139⤵
-
\??\c:\frfflrx.exec:\frfflrx.exe140⤵
-
\??\c:\ntnbbh.exec:\ntnbbh.exe141⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe142⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe143⤵
-
\??\c:\rfrxffl.exec:\rfrxffl.exe144⤵
-
\??\c:\fxllxrr.exec:\fxllxrr.exe145⤵
-
\??\c:\btthnt.exec:\btthnt.exe146⤵
-
\??\c:\9xlflrl.exec:\9xlflrl.exe147⤵
-
\??\c:\xlrxfxf.exec:\xlrxfxf.exe148⤵
-
\??\c:\7thhnt.exec:\7thhnt.exe149⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe150⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe151⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe152⤵
-
\??\c:\lxllrxf.exec:\lxllrxf.exe153⤵
-
\??\c:\9bnnnn.exec:\9bnnnn.exe154⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe155⤵
-
\??\c:\1vppp.exec:\1vppp.exe156⤵
-
\??\c:\9ffllfl.exec:\9ffllfl.exe157⤵
-
\??\c:\xlxxffl.exec:\xlxxffl.exe158⤵
-
\??\c:\bntthh.exec:\bntthh.exe159⤵
-
\??\c:\9vddd.exec:\9vddd.exe160⤵
-
\??\c:\1jvdd.exec:\1jvdd.exe161⤵
-
\??\c:\lflrrxf.exec:\lflrrxf.exe162⤵
-
\??\c:\1flffxx.exec:\1flffxx.exe163⤵
-
\??\c:\htbtbh.exec:\htbtbh.exe164⤵
-
\??\c:\5dppd.exec:\5dppd.exe165⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe166⤵
-
\??\c:\lfxflfr.exec:\lfxflfr.exe167⤵
-
\??\c:\9lxfrxx.exec:\9lxfrxx.exe168⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe169⤵
-
\??\c:\1nnhhn.exec:\1nnhhn.exe170⤵
-
\??\c:\pjddj.exec:\pjddj.exe171⤵
-
\??\c:\5lxxxxf.exec:\5lxxxxf.exe172⤵
-
\??\c:\1frrxlx.exec:\1frrxlx.exe173⤵
-
\??\c:\9hnntt.exec:\9hnntt.exe174⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe175⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe176⤵
-
\??\c:\1xlfxxl.exec:\1xlfxxl.exe177⤵
-
\??\c:\frlrlll.exec:\frlrlll.exe178⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe179⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe180⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe181⤵
-
\??\c:\rfxxffr.exec:\rfxxffr.exe182⤵
-
\??\c:\hthntt.exec:\hthntt.exe183⤵
-
\??\c:\7thttt.exec:\7thttt.exe184⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe185⤵
-
\??\c:\3vjjp.exec:\3vjjp.exe186⤵
-
\??\c:\xxlrrrf.exec:\xxlrrrf.exe187⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe188⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe189⤵
-
\??\c:\7dpjv.exec:\7dpjv.exe190⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe191⤵
-
\??\c:\frfxffl.exec:\frfxffl.exe192⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe193⤵
-
\??\c:\btnntn.exec:\btnntn.exe194⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe195⤵
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe196⤵
-
\??\c:\5xlrrxf.exec:\5xlrrxf.exe197⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe198⤵
-
\??\c:\1hhtbh.exec:\1hhtbh.exe199⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe200⤵
-
\??\c:\xrflrlx.exec:\xrflrlx.exe201⤵
-
\??\c:\1xfffll.exec:\1xfffll.exe202⤵
-
\??\c:\3nhhnt.exec:\3nhhnt.exe203⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe204⤵
-
\??\c:\1vvdd.exec:\1vvdd.exe205⤵
-
\??\c:\rfrlrlx.exec:\rfrlrlx.exe206⤵
-
\??\c:\5fllrrx.exec:\5fllrrx.exe207⤵
-
\??\c:\httbhh.exec:\httbhh.exe208⤵
-
\??\c:\7btnnn.exec:\7btnnn.exe209⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe210⤵
-
\??\c:\1dppp.exec:\1dppp.exe211⤵
-
\??\c:\7xffrrf.exec:\7xffrrf.exe212⤵
-
\??\c:\rxrfllr.exec:\rxrfllr.exe213⤵
-
\??\c:\ttthnt.exec:\ttthnt.exe214⤵
-
\??\c:\ppddd.exec:\ppddd.exe215⤵
-
\??\c:\pjddv.exec:\pjddv.exe216⤵
-
\??\c:\lxrxxfl.exec:\lxrxxfl.exe217⤵
-
\??\c:\rrlrxxx.exec:\rrlrxxx.exe218⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe219⤵
-
\??\c:\jdppp.exec:\jdppp.exe220⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe221⤵
-
\??\c:\xrllxfl.exec:\xrllxfl.exe222⤵
-
\??\c:\1nbtnt.exec:\1nbtnt.exe223⤵
-
\??\c:\hhbnnh.exec:\hhbnnh.exe224⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe225⤵
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe226⤵
-
\??\c:\xrfflfl.exec:\xrfflfl.exe227⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe228⤵
-
\??\c:\hhbtht.exec:\hhbtht.exe229⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe230⤵
-
\??\c:\rlffrxl.exec:\rlffrxl.exe231⤵
-
\??\c:\lfffllr.exec:\lfffllr.exe232⤵
-
\??\c:\9htnbb.exec:\9htnbb.exe233⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe234⤵
-
\??\c:\7djpp.exec:\7djpp.exe235⤵
-
\??\c:\5jddp.exec:\5jddp.exe236⤵
-
\??\c:\1fxrrrf.exec:\1fxrrrf.exe237⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe238⤵
-
\??\c:\btnntt.exec:\btnntt.exe239⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe240⤵