Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25-06-2024 04:39
General
-
Target
fc24043979b90443f4707c6ab71b284fe7e563ac61ad3dc972b8a4b053522b8a.exe
-
Size
229KB
-
MD5
3262ccdb247c8c37b27cd50c2635a9c7
-
SHA1
10be05e5090125771aeca98253a2a8069ca21742
-
SHA256
fc24043979b90443f4707c6ab71b284fe7e563ac61ad3dc972b8a4b053522b8a
-
SHA512
10497b6f527fe5d40fe06c7fd03970eae2cef3ce79ad583372adf4c7d2f09f3fcc037ddf26bdcb519536cfd780383d4375242173e1c10cb90c8534df915ef001
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1N:n3C9BRo7MlrWKo+lxKk1N
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc24043979b90443f4707c6ab71b284fe7e563ac61ad3dc972b8a4b053522b8a.exe"C:\Users\Admin\AppData\Local\Temp\fc24043979b90443f4707c6ab71b284fe7e563ac61ad3dc972b8a4b053522b8a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxfxl.exec:\lxlxfxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddj.exec:\jvddj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntt.exec:\tnbntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvj.exec:\jvdvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxlxr.exec:\lfrxlxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rllflf.exec:\9rllflf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhn.exec:\nhbbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffrrl.exec:\xxffrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththtt.exec:\ththtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdp.exec:\1djdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdj.exec:\vpvdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxlfr.exec:\rfxxlfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnbnt.exec:\3bnbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjp.exec:\jdpjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rfxlfr.exec:\9rfxlfr.exe17⤵
- Executes dropped EXE
-
\??\c:\3nbbnt.exec:\3nbbnt.exe18⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe19⤵
- Executes dropped EXE
-
\??\c:\lfrrfxf.exec:\lfrrfxf.exe20⤵
- Executes dropped EXE
-
\??\c:\1xrxxfl.exec:\1xrxxfl.exe21⤵
- Executes dropped EXE
-
\??\c:\7nbbbb.exec:\7nbbbb.exe22⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe23⤵
- Executes dropped EXE
-
\??\c:\lxrxlrx.exec:\lxrxlrx.exe24⤵
- Executes dropped EXE
-
\??\c:\tttbbh.exec:\tttbbh.exe25⤵
- Executes dropped EXE
-
\??\c:\bttbhn.exec:\bttbhn.exe26⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lrxxxll.exec:\lrxxxll.exe28⤵
- Executes dropped EXE
-
\??\c:\tbtnnn.exec:\tbtnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\3vpvj.exec:\3vpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\lfllrxf.exec:\lfllrxf.exe31⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\hhnttb.exec:\hhnttb.exe33⤵
- Executes dropped EXE
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe34⤵
- Executes dropped EXE
-
\??\c:\5xrrxxf.exec:\5xrrxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe36⤵
- Executes dropped EXE
-
\??\c:\nbbhnn.exec:\nbbhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\3pdvv.exec:\3pdvv.exe38⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe39⤵
- Executes dropped EXE
-
\??\c:\rlfxflr.exec:\rlfxflr.exe40⤵
- Executes dropped EXE
-
\??\c:\xlflxrf.exec:\xlflxrf.exe41⤵
- Executes dropped EXE
-
\??\c:\1ththt.exec:\1ththt.exe42⤵
- Executes dropped EXE
-
\??\c:\5jppv.exec:\5jppv.exe43⤵
- Executes dropped EXE
-
\??\c:\5jdpp.exec:\5jdpp.exe44⤵
- Executes dropped EXE
-
\??\c:\fxlxllx.exec:\fxlxllx.exe45⤵
- Executes dropped EXE
-
\??\c:\rrfllrx.exec:\rrfllrx.exe46⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhnnn.exec:\hbhnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\3vjvd.exec:\3vjvd.exe49⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe50⤵
- Executes dropped EXE
-
\??\c:\xxxfrfl.exec:\xxxfrfl.exe51⤵
- Executes dropped EXE
-
\??\c:\5lrxfrr.exec:\5lrxfrr.exe52⤵
- Executes dropped EXE
-
\??\c:\hbnnhb.exec:\hbnnhb.exe53⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe55⤵
- Executes dropped EXE
-
\??\c:\rflrffl.exec:\rflrffl.exe56⤵
- Executes dropped EXE
-
\??\c:\xrfxlfr.exec:\xrfxlfr.exe57⤵
- Executes dropped EXE
-
\??\c:\bthhtn.exec:\bthhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\btnnbt.exec:\btnnbt.exe59⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe60⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe61⤵
- Executes dropped EXE
-
\??\c:\5xfffff.exec:\5xfffff.exe62⤵
- Executes dropped EXE
-
\??\c:\bnhhtn.exec:\bnhhtn.exe63⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\7nthht.exec:\7nthht.exe65⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe66⤵
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe67⤵
-
\??\c:\rrlxllr.exec:\rrlxllr.exe68⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe69⤵
-
\??\c:\9hnhhh.exec:\9hnhhh.exe70⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe71⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe72⤵
-
\??\c:\lfxflrx.exec:\lfxflrx.exe73⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe74⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe75⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe76⤵
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe77⤵
-
\??\c:\9fxxlfr.exec:\9fxxlfr.exe78⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe79⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe80⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe81⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe82⤵
-
\??\c:\xrxflrl.exec:\xrxflrl.exe83⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe84⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe85⤵
-
\??\c:\3jdvv.exec:\3jdvv.exe86⤵
-
\??\c:\flfrxrx.exec:\flfrxrx.exe87⤵
-
\??\c:\xrfrxlx.exec:\xrfrxlx.exe88⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe89⤵
-
\??\c:\bhbtbh.exec:\bhbtbh.exe90⤵
-
\??\c:\pdppj.exec:\pdppj.exe91⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe92⤵
-
\??\c:\5rrxxfr.exec:\5rrxxfr.exe93⤵
-
\??\c:\3xffflx.exec:\3xffflx.exe94⤵
-
\??\c:\tthnnn.exec:\tthnnn.exe95⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe96⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe97⤵
-
\??\c:\rlrrrfl.exec:\rlrrrfl.exe98⤵
-
\??\c:\xrfllrr.exec:\xrfllrr.exe99⤵
-
\??\c:\9htttt.exec:\9htttt.exe100⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe101⤵
-
\??\c:\5ppdv.exec:\5ppdv.exe102⤵
-
\??\c:\9xllllr.exec:\9xllllr.exe103⤵
-
\??\c:\fxrxlfl.exec:\fxrxlfl.exe104⤵
-
\??\c:\5btbbh.exec:\5btbbh.exe105⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe106⤵
-
\??\c:\3jvvp.exec:\3jvvp.exe107⤵
-
\??\c:\xxllxrf.exec:\xxllxrf.exe108⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe109⤵
-
\??\c:\3hbhth.exec:\3hbhth.exe110⤵
-
\??\c:\hbhtbb.exec:\hbhtbb.exe111⤵
-
\??\c:\3djpp.exec:\3djpp.exe112⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe113⤵
-
\??\c:\9lllrxr.exec:\9lllrxr.exe114⤵
-
\??\c:\xfxfrlx.exec:\xfxfrlx.exe115⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe116⤵
-
\??\c:\tntttb.exec:\tntttb.exe117⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe118⤵
-
\??\c:\rrflxfr.exec:\rrflxfr.exe119⤵
-
\??\c:\xxlxxxl.exec:\xxlxxxl.exe120⤵
-
\??\c:\3bthtb.exec:\3bthtb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-