Analysis
-
max time kernel
150s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
25/05/2024, 09:48
General
-
Target
bacb4254802469638b1af51e0bf073c0_NeikiAnalytics.exe
-
Size
380KB
-
MD5
bacb4254802469638b1af51e0bf073c0
-
SHA1
ae9fc092d5789b094544d58ceaf805bd22889728
-
SHA256
be9125bf8d5baed4165273ec9d6c2f6194039db9692b4aaefb3f4ccc1ff816a0
-
SHA512
e7bbbc07718ab8326a9b8e76f6b4515fc74a7bee21b46c48b55bac0a7c495347ab52795621cfd53151e24fac7cd9e7b14638fbca3bbdb8940587cea8d74e28d6
-
SSDEEP
6144:Ocm4FmowdHoSsm4FIc1/cm4FmowdHoSsiNlcJcmHYC9/jvvfwL+TLPfSRcm4FVoX:w4wFHoSl4h4wFHoS24yTgL+zfu4/FHof
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bacb4254802469638b1af51e0bf073c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\bacb4254802469638b1af51e0bf073c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1dddp.exec:\1dddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrllf.exec:\fxfrllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtntn.exec:\thtntn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdv.exec:\djpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppv.exec:\vdppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrllf.exec:\3fxrllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnhb.exec:\bbnnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvj.exec:\5vdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppv.exec:\vdppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtntn.exec:\nbtntn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfxxl.exec:\lxrfxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbtnn.exec:\5hbtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfxrf.exec:\ffrfxrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnhtt.exec:\3hnhtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbh.exec:\hbhhbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxflrf.exec:\llxflrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thbhb.exec:\3thbhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjv.exec:\9vpjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbnh.exec:\nbnbnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbth.exec:\bbhbth.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrlxf.exec:\xflrlxf.exe23⤵
- Executes dropped EXE
-
\??\c:\rlrxlrf.exec:\rlrxlrf.exe24⤵
- Executes dropped EXE
-
\??\c:\7tnbtn.exec:\7tnbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe26⤵
- Executes dropped EXE
-
\??\c:\5lrfrlr.exec:\5lrfrlr.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrflff.exec:\rlrflff.exe28⤵
- Executes dropped EXE
-
\??\c:\tbtnhn.exec:\tbtnhn.exe29⤵
- Executes dropped EXE
-
\??\c:\7djdp.exec:\7djdp.exe30⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe31⤵
- Executes dropped EXE
-
\??\c:\fffffll.exec:\fffffll.exe32⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe33⤵
- Executes dropped EXE
-
\??\c:\1nbbbn.exec:\1nbbbn.exe34⤵
- Executes dropped EXE
-
\??\c:\rxlfxll.exec:\rxlfxll.exe35⤵
- Executes dropped EXE
-
\??\c:\pvppv.exec:\pvppv.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxrfxf.exec:\rlxrfxf.exe37⤵
- Executes dropped EXE
-
\??\c:\hbnhhn.exec:\hbnhhn.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\xrfrfxr.exec:\xrfrfxr.exe42⤵
- Executes dropped EXE
-
\??\c:\bnntnt.exec:\bnntnt.exe43⤵
- Executes dropped EXE
-
\??\c:\5xxxrxx.exec:\5xxxrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlxlff.exec:\fxlxlff.exe47⤵
- Executes dropped EXE
-
\??\c:\frrxxrx.exec:\frrxxrx.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxxrll.exec:\fxxxrll.exe49⤵
- Executes dropped EXE
-
\??\c:\nhtnhb.exec:\nhtnhb.exe50⤵
- Executes dropped EXE
-
\??\c:\3lxrflf.exec:\3lxrflf.exe51⤵
- Executes dropped EXE
-
\??\c:\1lffffx.exec:\1lffffx.exe52⤵
- Executes dropped EXE
-
\??\c:\hhbbbb.exec:\hhbbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe54⤵
- Executes dropped EXE
-
\??\c:\xrxxxrx.exec:\xrxxxrx.exe55⤵
- Executes dropped EXE
-
\??\c:\ffxlrrl.exec:\ffxlrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhbth.exec:\tnhbth.exe57⤵
- Executes dropped EXE
-
\??\c:\1pdvd.exec:\1pdvd.exe58⤵
- Executes dropped EXE
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\hhnhhn.exec:\hhnhhn.exe60⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\fflfxlf.exec:\fflfxlf.exe62⤵
- Executes dropped EXE
-
\??\c:\tnntth.exec:\tnntth.exe63⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\ffllllx.exec:\ffllllx.exe65⤵
- Executes dropped EXE
-
\??\c:\5nttbh.exec:\5nttbh.exe66⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe67⤵
-
\??\c:\xllffrr.exec:\xllffrr.exe68⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe69⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe70⤵
-
\??\c:\xfllffx.exec:\xfllffx.exe71⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe72⤵
-
\??\c:\xxfxrxx.exec:\xxfxrxx.exe73⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe74⤵
-
\??\c:\1frrfll.exec:\1frrfll.exe75⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe76⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe77⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe78⤵
-
\??\c:\nttnnh.exec:\nttnnh.exe79⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe80⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe81⤵
-
\??\c:\lflfrll.exec:\lflfrll.exe82⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe83⤵
-
\??\c:\hththn.exec:\hththn.exe84⤵
-
\??\c:\1vppv.exec:\1vppv.exe85⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe86⤵
-
\??\c:\nnnbbn.exec:\nnnbbn.exe87⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe88⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe89⤵
-
\??\c:\9llxrfx.exec:\9llxrfx.exe90⤵
-
\??\c:\bnthbb.exec:\bnthbb.exe91⤵
-
\??\c:\bbntth.exec:\bbntth.exe92⤵
-
\??\c:\3djjp.exec:\3djjp.exe93⤵
-
\??\c:\fllrlxx.exec:\fllrlxx.exe94⤵
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe95⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe96⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe97⤵
-
\??\c:\xlfrllf.exec:\xlfrllf.exe98⤵
-
\??\c:\lxfxllf.exec:\lxfxllf.exe99⤵
-
\??\c:\htthbt.exec:\htthbt.exe100⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe101⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe102⤵
-
\??\c:\7lrlfxf.exec:\7lrlfxf.exe103⤵
-
\??\c:\bbbnbn.exec:\bbbnbn.exe104⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe105⤵
-
\??\c:\djvjd.exec:\djvjd.exe106⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe107⤵
-
\??\c:\ffxxfxl.exec:\ffxxfxl.exe108⤵
-
\??\c:\tbhttn.exec:\tbhttn.exe109⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe110⤵
-
\??\c:\frrxxxr.exec:\frrxxxr.exe111⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe112⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe113⤵
-
\??\c:\rlllxlf.exec:\rlllxlf.exe114⤵
-
\??\c:\lxxrxrf.exec:\lxxrxrf.exe115⤵
-
\??\c:\9tbbhh.exec:\9tbbhh.exe116⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe117⤵
-
\??\c:\lrlxlfx.exec:\lrlxlfx.exe118⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe119⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe120⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-