Analysis
-
max time kernel
120s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
23/07/2024, 05:06
General
-
Target
6c8ed44f9927eca8853fdc07d51edb40N.exe
-
Size
54KB
-
MD5
6c8ed44f9927eca8853fdc07d51edb40
-
SHA1
8cd576735b902c442dd1e5c580994925e4ca66fb
-
SHA256
eabd50e083bb483e167e57f10b03129601e32d37bdac1a34309df2b1fcd52931
-
SHA512
a12649855e8ac6870b0b04521fbc34e2aa4ad7da93246d2f237e376b2c74d022a1382c3a64b7a45a68579b8ca31ef16b95b807086bdbb4ae9f3df85cb58450c8
-
SSDEEP
1536:fvQBeOGtrYS3srx93UBWfwC6Ggnouy8POtn:fhOmTsF93UYfwC6GIoutPwn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6c8ed44f9927eca8853fdc07d51edb40N.exe"C:\Users\Admin\AppData\Local\Temp\6c8ed44f9927eca8853fdc07d51edb40N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfxxx.exec:\lfxfxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbhb.exec:\tnnbhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlrl.exec:\rxxrlrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnh.exec:\nhbtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbb.exec:\btbbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrxr.exec:\xrlfrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbtnn.exec:\1nbtnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnt.exec:\btttnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfrlx.exec:\flrfrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbthb.exec:\hnbthb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpj.exec:\jpdpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvv.exec:\vpvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllll.exec:\xrlllll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhn.exec:\tntnhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlll.exec:\lrxrlll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnntt.exec:\3tnntt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhbb.exec:\hnhhbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxx.exec:\rllfxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\xlrlflf.exec:\xlrlflf.exe24⤵
- Executes dropped EXE
-
\??\c:\hnnhhh.exec:\hnnhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrrlrl.exec:\lfrrlrl.exe27⤵
- Executes dropped EXE
-
\??\c:\hhnhnn.exec:\hhnhnn.exe28⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe29⤵
- Executes dropped EXE
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe30⤵
- Executes dropped EXE
-
\??\c:\9dvdj.exec:\9dvdj.exe31⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe32⤵
- Executes dropped EXE
-
\??\c:\lfffxrx.exec:\lfffxrx.exe33⤵
- Executes dropped EXE
-
\??\c:\ntntnh.exec:\ntntnh.exe34⤵
- Executes dropped EXE
-
\??\c:\tbthhb.exec:\tbthhb.exe35⤵
- Executes dropped EXE
-
\??\c:\5ntthn.exec:\5ntthn.exe36⤵
- Executes dropped EXE
-
\??\c:\9pdvj.exec:\9pdvj.exe37⤵
- Executes dropped EXE
-
\??\c:\rllxfll.exec:\rllxfll.exe38⤵
- Executes dropped EXE
-
\??\c:\rllrxlr.exec:\rllrxlr.exe39⤵
- Executes dropped EXE
-
\??\c:\thttnt.exec:\thttnt.exe40⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe41⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe42⤵
- Executes dropped EXE
-
\??\c:\rrxxxfr.exec:\rrxxxfr.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbbbh.exec:\hbbbbh.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtntt.exec:\hhtntt.exe45⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe47⤵
- Executes dropped EXE
-
\??\c:\5fllxxx.exec:\5fllxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\3nnnnt.exec:\3nnnnt.exe49⤵
- Executes dropped EXE
-
\??\c:\hnbnbb.exec:\hnbnbb.exe50⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe51⤵
- Executes dropped EXE
-
\??\c:\lxlrllf.exec:\lxlrllf.exe52⤵
- Executes dropped EXE
-
\??\c:\xlllffx.exec:\xlllffx.exe53⤵
- Executes dropped EXE
-
\??\c:\bnbhhn.exec:\bnbhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe55⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe56⤵
- Executes dropped EXE
-
\??\c:\frlxrrf.exec:\frlxrrf.exe57⤵
- Executes dropped EXE
-
\??\c:\tbbnhb.exec:\tbbnhb.exe58⤵
- Executes dropped EXE
-
\??\c:\1tbthh.exec:\1tbthh.exe59⤵
- Executes dropped EXE
-
\??\c:\djpvd.exec:\djpvd.exe60⤵
- Executes dropped EXE
-
\??\c:\lrrfrxr.exec:\lrrfrxr.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxxxll.exec:\fxxxxll.exe62⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\5pvvv.exec:\5pvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxxrrx.exec:\xrxxrrx.exe66⤵
-
\??\c:\hhnbtt.exec:\hhnbtt.exe67⤵
-
\??\c:\hnnbtt.exec:\hnnbtt.exe68⤵
-
\??\c:\jpppp.exec:\jpppp.exe69⤵
-
\??\c:\3rxrlll.exec:\3rxrlll.exe70⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe71⤵
-
\??\c:\pppjv.exec:\pppjv.exe72⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe73⤵
-
\??\c:\3rffxfx.exec:\3rffxfx.exe74⤵
-
\??\c:\9btbth.exec:\9btbth.exe75⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe76⤵
-
\??\c:\rrfflxf.exec:\rrfflxf.exe77⤵
-
\??\c:\rlflxlr.exec:\rlflxlr.exe78⤵
-
\??\c:\bnbbbt.exec:\bnbbbt.exe79⤵
-
\??\c:\ppddd.exec:\ppddd.exe80⤵
-
\??\c:\rffxfxr.exec:\rffxfxr.exe81⤵
-
\??\c:\rflllrr.exec:\rflllrr.exe82⤵
-
\??\c:\bttbbh.exec:\bttbbh.exe83⤵
-
\??\c:\pppdj.exec:\pppdj.exe84⤵
-
\??\c:\rxrrxrr.exec:\rxrrxrr.exe85⤵
-
\??\c:\xffffff.exec:\xffffff.exe86⤵
-
\??\c:\tntbth.exec:\tntbth.exe87⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe88⤵
-
\??\c:\1dvvp.exec:\1dvvp.exe89⤵
-
\??\c:\5rfxfrf.exec:\5rfxfrf.exe90⤵
-
\??\c:\lxrlxff.exec:\lxrlxff.exe91⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe92⤵
-
\??\c:\nnbbht.exec:\nnbbht.exe93⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe94⤵
-
\??\c:\rfllxfx.exec:\rfllxfx.exe95⤵
-
\??\c:\xxffxff.exec:\xxffxff.exe96⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe97⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe98⤵
-
\??\c:\9vpdd.exec:\9vpdd.exe99⤵
-
\??\c:\rrfflxx.exec:\rrfflxx.exe100⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe101⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe102⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe103⤵
-
\??\c:\flffflr.exec:\flffflr.exe104⤵
-
\??\c:\ntbtbh.exec:\ntbtbh.exe105⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe106⤵
-
\??\c:\hhhhnt.exec:\hhhhnt.exe107⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe108⤵
-
\??\c:\rfxffll.exec:\rfxffll.exe109⤵
-
\??\c:\fxxxxfx.exec:\fxxxxfx.exe110⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe111⤵
-
\??\c:\thnhbn.exec:\thnhbn.exe112⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe113⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe114⤵
-
\??\c:\ffrxllx.exec:\ffrxllx.exe115⤵
-
\??\c:\bhntbh.exec:\bhntbh.exe116⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe117⤵
-
\??\c:\fflflxx.exec:\fflflxx.exe118⤵
-
\??\c:\hntbbh.exec:\hntbbh.exe119⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe120⤵
-
\??\c:\flrrrrr.exec:\flrrrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-