Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
27-05-2024 04:22
General
-
Target
f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1.exe
-
Size
247KB
-
MD5
64faf630f2df173f8bc440f5db9f7d72
-
SHA1
db21c91b016f48ef9c2cb6edad8ec2feae322eea
-
SHA256
f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1
-
SHA512
89645a481e32cd947517fa54630185aa6f05ed690fef53d68fcc89c5e17202165e9e29b13e9c13367666a8b5e7812fff1be60d5001e9fe56b298b80a3600134c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR17:n3C9BRo7MlrWKo+lxtvGt17
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1.exe"C:\Users\Admin\AppData\Local\Temp\f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxlfr.exec:\flrxlfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnbh.exec:\bhbnbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxxxff.exec:\7lxxxff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbhnb.exec:\9hbhnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrflx.exec:\rrrrflx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthbn.exec:\hhthbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvv.exec:\pdvvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxxr.exec:\rrllxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnnn.exec:\hthnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjp.exec:\pvjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjpv.exec:\5pjpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxxf.exec:\xxfxxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnhh.exec:\nbnnhh.exe17⤵
- Executes dropped EXE
-
\??\c:\3jvjv.exec:\3jvjv.exe18⤵
- Executes dropped EXE
-
\??\c:\flffllr.exec:\flffllr.exe19⤵
- Executes dropped EXE
-
\??\c:\btntbn.exec:\btntbn.exe20⤵
- Executes dropped EXE
-
\??\c:\1pjvv.exec:\1pjvv.exe21⤵
- Executes dropped EXE
-
\??\c:\rxxxlfx.exec:\rxxxlfx.exe22⤵
- Executes dropped EXE
-
\??\c:\nnbnnb.exec:\nnbnnb.exe23⤵
- Executes dropped EXE
-
\??\c:\7vdvv.exec:\7vdvv.exe24⤵
- Executes dropped EXE
-
\??\c:\rxlxrrl.exec:\rxlxrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\9bbnhh.exec:\9bbnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\3hbbhh.exec:\3hbbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\llfxrrl.exec:\llfxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\5rffllf.exec:\5rffllf.exe29⤵
- Executes dropped EXE
-
\??\c:\7nthbt.exec:\7nthbt.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\xxrxxfr.exec:\xxrxxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe33⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe34⤵
- Executes dropped EXE
-
\??\c:\xrffllx.exec:\xrffllx.exe35⤵
- Executes dropped EXE
-
\??\c:\bhhtnh.exec:\bhhtnh.exe36⤵
- Executes dropped EXE
-
\??\c:\1thntt.exec:\1thntt.exe37⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe38⤵
- Executes dropped EXE
-
\??\c:\1rrxrfr.exec:\1rrxrfr.exe39⤵
- Executes dropped EXE
-
\??\c:\lrxrllr.exec:\lrxrllr.exe40⤵
- Executes dropped EXE
-
\??\c:\7nnhbh.exec:\7nnhbh.exe41⤵
- Executes dropped EXE
-
\??\c:\1dvvp.exec:\1dvvp.exe42⤵
- Executes dropped EXE
-
\??\c:\rflllfl.exec:\rflllfl.exe43⤵
- Executes dropped EXE
-
\??\c:\xrlrlxf.exec:\xrlrlxf.exe44⤵
- Executes dropped EXE
-
\??\c:\nhtbbh.exec:\nhtbbh.exe45⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe46⤵
- Executes dropped EXE
-
\??\c:\7xllxxf.exec:\7xllxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\xlxfllr.exec:\xlxfllr.exe48⤵
- Executes dropped EXE
-
\??\c:\ttbhth.exec:\ttbhth.exe49⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe50⤵
- Executes dropped EXE
-
\??\c:\vjdpv.exec:\vjdpv.exe51⤵
- Executes dropped EXE
-
\??\c:\xlrxrlr.exec:\xlrxrlr.exe52⤵
- Executes dropped EXE
-
\??\c:\7tnhtb.exec:\7tnhtb.exe53⤵
- Executes dropped EXE
-
\??\c:\7vpjp.exec:\7vpjp.exe54⤵
- Executes dropped EXE
-
\??\c:\jpvjv.exec:\jpvjv.exe55⤵
- Executes dropped EXE
-
\??\c:\5rlrffr.exec:\5rlrffr.exe56⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\7hhnbh.exec:\7hhnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe59⤵
- Executes dropped EXE
-
\??\c:\fffrxrr.exec:\fffrxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\fffxrxr.exec:\fffxrxr.exe61⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe62⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe63⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe64⤵
- Executes dropped EXE
-
\??\c:\rxrxflf.exec:\rxrxflf.exe65⤵
- Executes dropped EXE
-
\??\c:\5rlrxfl.exec:\5rlrxfl.exe66⤵
-
\??\c:\9btthh.exec:\9btthh.exe67⤵
-
\??\c:\1pppp.exec:\1pppp.exe68⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe69⤵
-
\??\c:\xxrfrxf.exec:\xxrfrxf.exe70⤵
-
\??\c:\thbhtb.exec:\thbhtb.exe71⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe72⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe73⤵
-
\??\c:\1frlrrx.exec:\1frlrrx.exe74⤵
-
\??\c:\bnttht.exec:\bnttht.exe75⤵
-
\??\c:\bhnttn.exec:\bhnttn.exe76⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe77⤵
-
\??\c:\xxrxlfr.exec:\xxrxlfr.exe78⤵
-
\??\c:\7xxrxrl.exec:\7xxrxrl.exe79⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe80⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe81⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe82⤵
-
\??\c:\fxrflff.exec:\fxrflff.exe83⤵
-
\??\c:\tthbtn.exec:\tthbtn.exe84⤵
-
\??\c:\vppvj.exec:\vppvj.exe85⤵
-
\??\c:\rlrrxff.exec:\rlrrxff.exe86⤵
-
\??\c:\fffrrff.exec:\fffrrff.exe87⤵
-
\??\c:\tttthh.exec:\tttthh.exe88⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe89⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe90⤵
-
\??\c:\xrllrlx.exec:\xrllrlx.exe91⤵
-
\??\c:\fflrfxl.exec:\fflrfxl.exe92⤵
-
\??\c:\3tthth.exec:\3tthth.exe93⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe94⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe95⤵
-
\??\c:\xrffrxl.exec:\xrffrxl.exe96⤵
-
\??\c:\hnthnn.exec:\hnthnn.exe97⤵
-
\??\c:\vjddp.exec:\vjddp.exe98⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe99⤵
-
\??\c:\xrffrrf.exec:\xrffrrf.exe100⤵
-
\??\c:\7tttht.exec:\7tttht.exe101⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe102⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe103⤵
-
\??\c:\xrxxlrx.exec:\xrxxlrx.exe104⤵
-
\??\c:\3hbbhh.exec:\3hbbhh.exe105⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe106⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe107⤵
-
\??\c:\rrfxxlr.exec:\rrfxxlr.exe108⤵
-
\??\c:\fxllxfl.exec:\fxllxfl.exe109⤵
-
\??\c:\1ntbht.exec:\1ntbht.exe110⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe111⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe112⤵
-
\??\c:\rrflfxx.exec:\rrflfxx.exe113⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe114⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe115⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe116⤵
-
\??\c:\xlxrffl.exec:\xlxrffl.exe117⤵
-
\??\c:\3btbnn.exec:\3btbnn.exe118⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe119⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe120⤵
-
\??\c:\lllrrxx.exec:\lllrrxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-