Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25-06-2024 04:39
General
-
Target
fc24043979b90443f4707c6ab71b284fe7e563ac61ad3dc972b8a4b053522b8a.exe
-
Size
229KB
-
MD5
3262ccdb247c8c37b27cd50c2635a9c7
-
SHA1
10be05e5090125771aeca98253a2a8069ca21742
-
SHA256
fc24043979b90443f4707c6ab71b284fe7e563ac61ad3dc972b8a4b053522b8a
-
SHA512
10497b6f527fe5d40fe06c7fd03970eae2cef3ce79ad583372adf4c7d2f09f3fcc037ddf26bdcb519536cfd780383d4375242173e1c10cb90c8534df915ef001
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1N:n3C9BRo7MlrWKo+lxKk1N
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc24043979b90443f4707c6ab71b284fe7e563ac61ad3dc972b8a4b053522b8a.exe"C:\Users\Admin\AppData\Local\Temp\fc24043979b90443f4707c6ab71b284fe7e563ac61ad3dc972b8a4b053522b8a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbb.exec:\btnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpj.exec:\5dvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fffrlf.exec:\9fffrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrfxr.exec:\lxfrfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbb.exec:\btbtbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddp.exec:\vjddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjj.exec:\vjjjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrxfl.exec:\lffrxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlffxr.exec:\fxlffxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtth.exec:\nnhtth.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttnbt.exec:\9ttnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllffx.exec:\ffllffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflffr.exec:\ffflffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnn.exec:\nhhhnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpd.exec:\ppvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlxrl.exec:\xlrlxrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxrrl.exec:\frlxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbb.exec:\bnnhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbbb.exec:\nhbbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe24⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe25⤵
- Executes dropped EXE
-
\??\c:\llfxxrl.exec:\llfxxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\rrfrxxx.exec:\rrfrxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\bnhnht.exec:\bnhnht.exe28⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe31⤵
- Executes dropped EXE
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe35⤵
- Executes dropped EXE
-
\??\c:\djdpj.exec:\djdpj.exe36⤵
- Executes dropped EXE
-
\??\c:\1lfxfxl.exec:\1lfxfxl.exe37⤵
- Executes dropped EXE
-
\??\c:\rffxrlf.exec:\rffxrlf.exe38⤵
- Executes dropped EXE
-
\??\c:\thnbtt.exec:\thnbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\7tnbnb.exec:\7tnbnb.exe40⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe42⤵
- Executes dropped EXE
-
\??\c:\xffxfxr.exec:\xffxfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\ttbbtn.exec:\ttbbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\xflfxrr.exec:\xflfxrr.exe48⤵
- Executes dropped EXE
-
\??\c:\lrrlffx.exec:\lrrlffx.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe52⤵
- Executes dropped EXE
-
\??\c:\xrxlxxr.exec:\xrxlxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\frrrrrl.exec:\frrrrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\bththb.exec:\bththb.exe55⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxxrxx.exec:\ffxxrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe58⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\7lflxxf.exec:\7lflxxf.exe60⤵
- Executes dropped EXE
-
\??\c:\ntttbh.exec:\ntttbh.exe61⤵
- Executes dropped EXE
-
\??\c:\9vjdv.exec:\9vjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\5jdpd.exec:\5jdpd.exe63⤵
- Executes dropped EXE
-
\??\c:\xrrfxxx.exec:\xrrfxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\7hhbbb.exec:\7hhbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe66⤵
-
\??\c:\lfrrfff.exec:\lfrrfff.exe67⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe68⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe69⤵
-
\??\c:\llxxflf.exec:\llxxflf.exe70⤵
-
\??\c:\7hhntt.exec:\7hhntt.exe71⤵
-
\??\c:\djpjv.exec:\djpjv.exe72⤵
-
\??\c:\rlfxrll.exec:\rlfxrll.exe73⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe74⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe75⤵
-
\??\c:\lxffflr.exec:\lxffflr.exe76⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe77⤵
-
\??\c:\rlxfxrx.exec:\rlxfxrx.exe78⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe79⤵
-
\??\c:\xffxrll.exec:\xffxrll.exe80⤵
-
\??\c:\tnnttn.exec:\tnnttn.exe81⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe82⤵
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe83⤵
-
\??\c:\lrlfrll.exec:\lrlfrll.exe84⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe85⤵
-
\??\c:\3flfrrr.exec:\3flfrrr.exe86⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe87⤵
-
\??\c:\5vppd.exec:\5vppd.exe88⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe89⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe90⤵
-
\??\c:\hnhnht.exec:\hnhnht.exe91⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe92⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe93⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe94⤵
-
\??\c:\5llfxrl.exec:\5llfxrl.exe95⤵
-
\??\c:\nthbtb.exec:\nthbtb.exe96⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe97⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe98⤵
-
\??\c:\fxrffxl.exec:\fxrffxl.exe99⤵
-
\??\c:\hnthtt.exec:\hnthtt.exe100⤵
-
\??\c:\jvddd.exec:\jvddd.exe101⤵
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe102⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe103⤵
-
\??\c:\xlffxrx.exec:\xlffxrx.exe104⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe105⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe106⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe107⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe108⤵
-
\??\c:\xfrlllr.exec:\xfrlllr.exe109⤵
-
\??\c:\9rxrrfl.exec:\9rxrrfl.exe110⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe111⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe112⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe113⤵
-
\??\c:\5xxrffx.exec:\5xxrffx.exe114⤵
-
\??\c:\ntnthh.exec:\ntnthh.exe115⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe116⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe117⤵
-
\??\c:\xfrlllx.exec:\xfrlllx.exe118⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe119⤵
-
\??\c:\jddvv.exec:\jddvv.exe120⤵
-
\??\c:\pdddd.exec:\pdddd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-