Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
10-06-2024 12:31
General
-
Target
5a95eabee5fba7dd9b6b3e52f14148e9c5e6fb297b2fb5e2df33387ad0478ab2.exe
-
Size
75KB
-
MD5
c8b7340b884ce99d9b011dc9fec0e09f
-
SHA1
ee65c5c214ca4dd749f917be532c2a7e1a312630
-
SHA256
5a95eabee5fba7dd9b6b3e52f14148e9c5e6fb297b2fb5e2df33387ad0478ab2
-
SHA512
07a4e2702750e9a67706845a8fcdfa4892bb1f57ffe677b9e9a705bf4749a5e405e0ffc11f216b1fe44f22187ee3ee54f3e44bfe7c609a1d65085763fa3fc924
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot0ijs:ymb3NkkiQ3mdBjFWXkj7afoS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5a95eabee5fba7dd9b6b3e52f14148e9c5e6fb297b2fb5e2df33387ad0478ab2.exe"C:\Users\Admin\AppData\Local\Temp\5a95eabee5fba7dd9b6b3e52f14148e9c5e6fb297b2fb5e2df33387ad0478ab2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppp.exec:\pdppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflrfr.exec:\rfflrfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthh.exec:\btnthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpp.exec:\ppjpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrrxf.exec:\xrfrrxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrllr.exec:\rrlrllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhtt.exec:\9hnhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpp.exec:\vvjpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflxfr.exec:\rrflxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrfr.exec:\lfffrfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhh.exec:\tnbbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpd.exec:\ppvpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlrrf.exec:\rlxlrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrfrxr.exec:\7rrfrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhn.exec:\bbtbhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhtn.exec:\5hhhtn.exe17⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe18⤵
- Executes dropped EXE
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\bbthtt.exec:\bbthtt.exe20⤵
- Executes dropped EXE
-
\??\c:\5ppvp.exec:\5ppvp.exe21⤵
- Executes dropped EXE
-
\??\c:\rfxflrf.exec:\rfxflrf.exe22⤵
- Executes dropped EXE
-
\??\c:\5fffrrl.exec:\5fffrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\ntbthb.exec:\ntbthb.exe24⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe25⤵
- Executes dropped EXE
-
\??\c:\rrrfllf.exec:\rrrfllf.exe26⤵
- Executes dropped EXE
-
\??\c:\xrllllx.exec:\xrllllx.exe27⤵
- Executes dropped EXE
-
\??\c:\tnnhbh.exec:\tnnhbh.exe28⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\1frrxxl.exec:\1frrxxl.exe31⤵
- Executes dropped EXE
-
\??\c:\5bnbht.exec:\5bnbht.exe32⤵
- Executes dropped EXE
-
\??\c:\7bbbbn.exec:\7bbbbn.exe33⤵
- Executes dropped EXE
-
\??\c:\3dpvd.exec:\3dpvd.exe34⤵
- Executes dropped EXE
-
\??\c:\jvpvd.exec:\jvpvd.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\fffflrx.exec:\fffflrx.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe39⤵
- Executes dropped EXE
-
\??\c:\3vvpv.exec:\3vvpv.exe40⤵
- Executes dropped EXE
-
\??\c:\lflflxf.exec:\lflflxf.exe41⤵
- Executes dropped EXE
-
\??\c:\xxlxfff.exec:\xxlxfff.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\tntbhh.exec:\tntbhh.exe44⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe45⤵
- Executes dropped EXE
-
\??\c:\xxrxfff.exec:\xxrxfff.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxxfff.exec:\rlxxfff.exe47⤵
- Executes dropped EXE
-
\??\c:\9tnhhh.exec:\9tnhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\7djpp.exec:\7djpp.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe51⤵
- Executes dropped EXE
-
\??\c:\9lfxlrf.exec:\9lfxlrf.exe52⤵
- Executes dropped EXE
-
\??\c:\nntbtb.exec:\nntbtb.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnbnt.exec:\hbnbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\dppvp.exec:\dppvp.exe55⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe56⤵
- Executes dropped EXE
-
\??\c:\flrxfff.exec:\flrxfff.exe57⤵
- Executes dropped EXE
-
\??\c:\fffrrrl.exec:\fffrrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\bbtbnb.exec:\bbtbnb.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\9vppd.exec:\9vppd.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe62⤵
- Executes dropped EXE
-
\??\c:\lfxflrx.exec:\lfxflrx.exe63⤵
- Executes dropped EXE
-
\??\c:\rlflfrf.exec:\rlflfrf.exe64⤵
- Executes dropped EXE
-
\??\c:\bbtbbb.exec:\bbtbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe66⤵
-
\??\c:\9dvdp.exec:\9dvdp.exe67⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe68⤵
-
\??\c:\7fxrfll.exec:\7fxrfll.exe69⤵
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe70⤵
-
\??\c:\rllxfll.exec:\rllxfll.exe71⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe72⤵
-
\??\c:\nbnbnt.exec:\nbnbnt.exe73⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe74⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe75⤵
-
\??\c:\xlfflrx.exec:\xlfflrx.exe76⤵
-
\??\c:\7lxfrrx.exec:\7lxfrrx.exe77⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe78⤵
-
\??\c:\1pjdp.exec:\1pjdp.exe79⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe80⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe81⤵
-
\??\c:\lfxrxll.exec:\lfxrxll.exe82⤵
-
\??\c:\nnhbtb.exec:\nnhbtb.exe83⤵
-
\??\c:\7tnnhb.exec:\7tnnhb.exe84⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe85⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe86⤵
-
\??\c:\xrlllll.exec:\xrlllll.exe87⤵
-
\??\c:\rlrfxfr.exec:\rlrfxfr.exe88⤵
-
\??\c:\7bttbb.exec:\7bttbb.exe89⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe90⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe91⤵
-
\??\c:\9rlfrxl.exec:\9rlfrxl.exe92⤵
-
\??\c:\lxfxxfx.exec:\lxfxxfx.exe93⤵
-
\??\c:\ffrxllx.exec:\ffrxllx.exe94⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe95⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe96⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe97⤵
-
\??\c:\7fffllr.exec:\7fffllr.exe98⤵
-
\??\c:\lfrfxfr.exec:\lfrfxfr.exe99⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe100⤵
-
\??\c:\9jvvd.exec:\9jvvd.exe101⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe102⤵
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe103⤵
-
\??\c:\rlrxflx.exec:\rlrxflx.exe104⤵
-
\??\c:\ttnbth.exec:\ttnbth.exe105⤵
-
\??\c:\5tnhhh.exec:\5tnhhh.exe106⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe107⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe108⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe109⤵
-
\??\c:\ffxfllx.exec:\ffxfllx.exe110⤵
-
\??\c:\9xxfxrf.exec:\9xxfxrf.exe111⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe112⤵
-
\??\c:\7btnhh.exec:\7btnhh.exe113⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe114⤵
-
\??\c:\djpdd.exec:\djpdd.exe115⤵
-
\??\c:\rrflxfx.exec:\rrflxfx.exe116⤵
-
\??\c:\rrlrlrl.exec:\rrlrlrl.exe117⤵
-
\??\c:\hhtbht.exec:\hhtbht.exe118⤵
-
\??\c:\hhhnbb.exec:\hhhnbb.exe119⤵
-
\??\c:\dvppp.exec:\dvppp.exe120⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-