Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/05/2024, 16:19
General
-
Target
virussign.com_e015238509e5b81b0e1fb61f1c6487c0.exe
-
Size
92KB
-
MD5
e015238509e5b81b0e1fb61f1c6487c0
-
SHA1
bafcb33301ddec161c69d7ff4a0b78c44ce8c034
-
SHA256
95926701f5cc48e904b5407d9d56776e8c3749937b6eaafe1d4838376fa099e5
-
SHA512
c51b25b684a271cf3d484fccf7a32b89afb94e390f3d11c0b0f7becfd23f2aa80e930120fade46456a0e0d795094713ba613b6fb8c6c9196360ddf8e4c3e6286
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21q:ymb3NkkiQ3mdBjFo73PYP1lri3K8GI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\virussign.com_e015238509e5b81b0e1fb61f1c6487c0.exe"C:\Users\Admin\AppData\Local\Temp\virussign.com_e015238509e5b81b0e1fb61f1c6487c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbnn.exec:\ttbbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnbb.exec:\tntnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfllx.exec:\fflfllx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjj.exec:\pppjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxrx.exec:\lflfxrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrllll.exec:\lfrllll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvp.exec:\5pdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflffr.exec:\flflffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhn.exec:\nhtbhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjp.exec:\pjjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrlxx.exec:\xrfrlxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxr.exec:\fflfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjv.exec:\jjjjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdjp.exec:\5vdjp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnnnt.exec:\3hnnnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddd.exec:\djddd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllxlf.exec:\lfllxlf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvv.exec:\djvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\xfffxff.exec:\xfffxff.exe24⤵
- Executes dropped EXE
-
\??\c:\nntbhn.exec:\nntbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\5lrlfrr.exec:\5lrlfrr.exe27⤵
- Executes dropped EXE
-
\??\c:\xlrxxll.exec:\xlrxxll.exe28⤵
- Executes dropped EXE
-
\??\c:\7hnnnt.exec:\7hnnnt.exe29⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe30⤵
- Executes dropped EXE
-
\??\c:\1pddj.exec:\1pddj.exe31⤵
- Executes dropped EXE
-
\??\c:\flxxxfl.exec:\flxxxfl.exe32⤵
- Executes dropped EXE
-
\??\c:\nthhbb.exec:\nthhbb.exe33⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe35⤵
- Executes dropped EXE
-
\??\c:\5xfllll.exec:\5xfllll.exe36⤵
- Executes dropped EXE
-
\??\c:\rllrrxx.exec:\rllrrxx.exe37⤵
- Executes dropped EXE
-
\??\c:\thnbtn.exec:\thnbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe39⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\rrllrxf.exec:\rrllrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\xlfflll.exec:\xlfflll.exe42⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\htbntb.exec:\htbntb.exe44⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe45⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe46⤵
- Executes dropped EXE
-
\??\c:\llfflrf.exec:\llfflrf.exe47⤵
- Executes dropped EXE
-
\??\c:\hnbbbb.exec:\hnbbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe49⤵
- Executes dropped EXE
-
\??\c:\xlrxrrr.exec:\xlrxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe51⤵
- Executes dropped EXE
-
\??\c:\bbhhnn.exec:\bbhhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe53⤵
- Executes dropped EXE
-
\??\c:\vddjj.exec:\vddjj.exe54⤵
- Executes dropped EXE
-
\??\c:\1fffxff.exec:\1fffxff.exe55⤵
- Executes dropped EXE
-
\??\c:\lxfrxff.exec:\lxfrxff.exe56⤵
- Executes dropped EXE
-
\??\c:\hhtbhn.exec:\hhtbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\nhhbtb.exec:\nhhbtb.exe58⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe59⤵
- Executes dropped EXE
-
\??\c:\lffxxrr.exec:\lffxxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\1lffflf.exec:\1lffflf.exe61⤵
- Executes dropped EXE
-
\??\c:\nnhbbb.exec:\nnhbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\tbtbbb.exec:\tbtbbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vddjj.exec:\vddjj.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe65⤵
- Executes dropped EXE
-
\??\c:\rrrrxxf.exec:\rrrrxxf.exe66⤵
-
\??\c:\llrfxxl.exec:\llrfxxl.exe67⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe68⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe69⤵
-
\??\c:\djvdd.exec:\djvdd.exe70⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe71⤵
-
\??\c:\ffffxff.exec:\ffffxff.exe72⤵
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe73⤵
-
\??\c:\tbhhhn.exec:\tbhhhn.exe74⤵
-
\??\c:\jddjd.exec:\jddjd.exe75⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe76⤵
-
\??\c:\fffrrxx.exec:\fffrrxx.exe77⤵
-
\??\c:\rfxxlff.exec:\rfxxlff.exe78⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe79⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe80⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe81⤵
-
\??\c:\xxfrflf.exec:\xxfrflf.exe82⤵
-
\??\c:\xlfxxff.exec:\xlfxxff.exe83⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe84⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe85⤵
-
\??\c:\vjppj.exec:\vjppj.exe86⤵
-
\??\c:\fxxflrr.exec:\fxxflrr.exe87⤵
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe88⤵
-
\??\c:\nttnnn.exec:\nttnnn.exe89⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe90⤵
-
\??\c:\pppvp.exec:\pppvp.exe91⤵
-
\??\c:\llfffrr.exec:\llfffrr.exe92⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe93⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe94⤵
-
\??\c:\hbnbtt.exec:\hbnbtt.exe95⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe96⤵
-
\??\c:\rrlxrrr.exec:\rrlxrrr.exe97⤵
-
\??\c:\ffllrxx.exec:\ffllrxx.exe98⤵
-
\??\c:\lfffflr.exec:\lfffflr.exe99⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe100⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe101⤵
-
\??\c:\vddpp.exec:\vddpp.exe102⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe103⤵
-
\??\c:\frfllfl.exec:\frfllfl.exe104⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe105⤵
-
\??\c:\hntbht.exec:\hntbht.exe106⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe107⤵
-
\??\c:\dpppp.exec:\dpppp.exe108⤵
-
\??\c:\lflrlfx.exec:\lflrlfx.exe109⤵
-
\??\c:\lrflrrx.exec:\lrflrrx.exe110⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe111⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe112⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe113⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe114⤵
-
\??\c:\rxxffll.exec:\rxxffll.exe115⤵
-
\??\c:\lxfflrr.exec:\lxfflrr.exe116⤵
-
\??\c:\bhnttb.exec:\bhnttb.exe117⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe118⤵
-
\??\c:\btthhh.exec:\btthhh.exe119⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe120⤵
-
\??\c:\rrffflr.exec:\rrffflr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-