Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
25/05/2024, 20:14
General
-
Target
190a1474af89729a306e773f782feb00_NeikiAnalytics.exe
-
Size
655KB
-
MD5
190a1474af89729a306e773f782feb00
-
SHA1
1a82d81c38809ada2ea36862fd503084d1494c68
-
SHA256
398c30e69449cd9ce77be84dddf3842977789d0eb06a41c4e4258f992be54bf9
-
SHA512
fbb12b630f35ba37eb70be66107df02b8aae0149e96719173fc1bc8711af00ce64ebf73df0c8108b19861c6732be5ed6060811025c202a9a6881bd7afd0533fb
-
SSDEEP
12288:n3C9yMo+S0L9xRnoq7H9xqYL5oeEF5rna9sUxg7udOxPJVSjYg8lcmJ1MZxEkTsU:SgD4bhoqLDqYLS7wv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\190a1474af89729a306e773f782feb00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\190a1474af89729a306e773f782feb00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrflr.exec:\lfrrflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxxrl.exec:\rxxxxrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjv.exec:\vjjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrffll.exec:\flrffll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfrxr.exec:\lrxfrxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvp.exec:\pjjvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpp.exec:\dvvpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrxfl.exec:\fxxrxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllxxf.exec:\xfllxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhntn.exec:\nbhntn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfxl.exec:\frrlfxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdv.exec:\vdvdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbn.exec:\bthnbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntnb.exec:\ttntnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppdd.exec:\5ppdd.exe17⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe18⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe19⤵
- Executes dropped EXE
-
\??\c:\frxrlrx.exec:\frxrlrx.exe20⤵
- Executes dropped EXE
-
\??\c:\xrfffll.exec:\xrfffll.exe21⤵
- Executes dropped EXE
-
\??\c:\hhbtbn.exec:\hhbtbn.exe22⤵
- Executes dropped EXE
-
\??\c:\xrxrlfr.exec:\xrxrlfr.exe23⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhbnb.exec:\hbhbnb.exe25⤵
- Executes dropped EXE
-
\??\c:\jpddj.exec:\jpddj.exe26⤵
- Executes dropped EXE
-
\??\c:\nhhnbb.exec:\nhhnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe28⤵
- Executes dropped EXE
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\xlfrxlf.exec:\xlfrxlf.exe30⤵
- Executes dropped EXE
-
\??\c:\btthtb.exec:\btthtb.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe32⤵
- Executes dropped EXE
-
\??\c:\9xxrlfl.exec:\9xxrlfl.exe33⤵
- Executes dropped EXE
-
\??\c:\3pdvd.exec:\3pdvd.exe34⤵
- Executes dropped EXE
-
\??\c:\rxrrxrf.exec:\rxrrxrf.exe35⤵
- Executes dropped EXE
-
\??\c:\ffxlllx.exec:\ffxlllx.exe36⤵
- Executes dropped EXE
-
\??\c:\nbhbtn.exec:\nbhbtn.exe37⤵
- Executes dropped EXE
-
\??\c:\9vjvd.exec:\9vjvd.exe38⤵
- Executes dropped EXE
-
\??\c:\llrxflr.exec:\llrxflr.exe39⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe40⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe41⤵
- Executes dropped EXE
-
\??\c:\llrlffx.exec:\llrlffx.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhtbn.exec:\hbhtbn.exe43⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\flrlrrl.exec:\flrlrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\hhbbnh.exec:\hhbbnh.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe48⤵
- Executes dropped EXE
-
\??\c:\rlffrxr.exec:\rlffrxr.exe49⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe51⤵
- Executes dropped EXE
-
\??\c:\5fllxfr.exec:\5fllxfr.exe52⤵
- Executes dropped EXE
-
\??\c:\bthtnb.exec:\bthtnb.exe53⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\fxfxxrl.exec:\fxfxxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\btbnnt.exec:\btbnnt.exe56⤵
- Executes dropped EXE
-
\??\c:\vjpdp.exec:\vjpdp.exe57⤵
- Executes dropped EXE
-
\??\c:\xrlxllr.exec:\xrlxllr.exe58⤵
- Executes dropped EXE
-
\??\c:\7thbhb.exec:\7thbhb.exe59⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe61⤵
- Executes dropped EXE
-
\??\c:\9lflxlf.exec:\9lflxlf.exe62⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe63⤵
- Executes dropped EXE
-
\??\c:\7dppv.exec:\7dppv.exe64⤵
- Executes dropped EXE
-
\??\c:\fffrflf.exec:\fffrflf.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbtth.exec:\hhbtth.exe66⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe67⤵
-
\??\c:\rflrlrf.exec:\rflrlrf.exe68⤵
-
\??\c:\9tbhnb.exec:\9tbhnb.exe69⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe70⤵
-
\??\c:\xxfrxxr.exec:\xxfrxxr.exe71⤵
-
\??\c:\hhhtnb.exec:\hhhtnb.exe72⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe73⤵
-
\??\c:\fxxxllx.exec:\fxxxllx.exe74⤵
-
\??\c:\rrfrlfl.exec:\rrfrlfl.exe75⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe76⤵
-
\??\c:\vvppj.exec:\vvppj.exe77⤵
-
\??\c:\lffrxxf.exec:\lffrxxf.exe78⤵
-
\??\c:\1btbnb.exec:\1btbnb.exe79⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe80⤵
-
\??\c:\xxllffr.exec:\xxllffr.exe81⤵
-
\??\c:\3thhbh.exec:\3thhbh.exe82⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe83⤵
-
\??\c:\djdjp.exec:\djdjp.exe84⤵
-
\??\c:\fllrfrl.exec:\fllrfrl.exe85⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe86⤵
-
\??\c:\vjpdp.exec:\vjpdp.exe87⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe88⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe89⤵
-
\??\c:\pddpp.exec:\pddpp.exe90⤵
-
\??\c:\1fxxxfx.exec:\1fxxxfx.exe91⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe92⤵
-
\??\c:\rffrflx.exec:\rffrflx.exe93⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe94⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe95⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe96⤵
-
\??\c:\fxrxrlx.exec:\fxrxrlx.exe97⤵
-
\??\c:\tnnhth.exec:\tnnhth.exe98⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe99⤵
-
\??\c:\xrlrxxx.exec:\xrlrxxx.exe100⤵
-
\??\c:\3bhbbb.exec:\3bhbbb.exe101⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe102⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe103⤵
-
\??\c:\xrxfrrl.exec:\xrxfrrl.exe104⤵
-
\??\c:\bbtnbn.exec:\bbtnbn.exe105⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe106⤵
-
\??\c:\3xxlfxx.exec:\3xxlfxx.exe107⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe108⤵
-
\??\c:\hbnhnt.exec:\hbnhnt.exe109⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe110⤵
-
\??\c:\fxlrflf.exec:\fxlrflf.exe111⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe112⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe113⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe114⤵
-
\??\c:\lllfrxl.exec:\lllfrxl.exe115⤵
-
\??\c:\nnntbt.exec:\nnntbt.exe116⤵
-
\??\c:\vppdv.exec:\vppdv.exe117⤵
-
\??\c:\flfxfrf.exec:\flfxfrf.exe118⤵
-
\??\c:\thhnhn.exec:\thhnhn.exe119⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe120⤵
-
\??\c:\pppjd.exec:\pppjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-