Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26-07-2024 10:02
General
-
Target
bdbff28d72bd1609e2ee58de7276b650N.exe
-
Size
369KB
-
MD5
bdbff28d72bd1609e2ee58de7276b650
-
SHA1
05fee06bd6600499f1dd2f9f0ace85e4efa77edd
-
SHA256
7e9169d97366482f060f562196ffe7856218047a1c06546556fd67e7f74f8a5e
-
SHA512
569acd3343bfe25c742bf955c4b718135163409566954a1d477958ec644f6412260cb264c6ddc37c6165bb35984c0e0fdd18b9135152baa659f9d7e782667a69
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOaKHpSwp9OD0Ibsc:y4wFHoS3eFaKHpNKbbsc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bdbff28d72bd1609e2ee58de7276b650N.exe"C:\Users\Admin\AppData\Local\Temp\bdbff28d72bd1609e2ee58de7276b650N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppv.exec:\jpppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlxxxf.exec:\5xlxxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnh.exec:\btbtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxrl.exec:\xflfxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtt.exec:\hthbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdv.exec:\5djdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbh.exec:\tnhbbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxllx.exec:\rlfxllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnntb.exec:\ttnntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrlll.exec:\ffxrlll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnn.exec:\tnbtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxrfx.exec:\7xfxrfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjd.exec:\pvvjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnhh.exec:\tbtnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrlffx.exec:\5rrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlfxl.exec:\lxxlfxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjd.exec:\vpvjd.exe23⤵
- Executes dropped EXE
-
\??\c:\frlxlfr.exec:\frlxlfr.exe24⤵
- Executes dropped EXE
-
\??\c:\tttnhb.exec:\tttnhb.exe25⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe26⤵
- Executes dropped EXE
-
\??\c:\rrrffxx.exec:\rrrffxx.exe27⤵
- Executes dropped EXE
-
\??\c:\fflfxxr.exec:\fflfxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\bhhbbt.exec:\bhhbbt.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe30⤵
- Executes dropped EXE
-
\??\c:\5rrfxrl.exec:\5rrfxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\5ffrfrx.exec:\5ffrfrx.exe32⤵
- Executes dropped EXE
-
\??\c:\vjpdv.exec:\vjpdv.exe33⤵
- Executes dropped EXE
-
\??\c:\frrffrl.exec:\frrffrl.exe34⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe35⤵
- Executes dropped EXE
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnhbt.exec:\ttnhbt.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe38⤵
- Executes dropped EXE
-
\??\c:\llrfxrl.exec:\llrfxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe40⤵
- Executes dropped EXE
-
\??\c:\5tthbt.exec:\5tthbt.exe41⤵
- Executes dropped EXE
-
\??\c:\5jjdp.exec:\5jjdp.exe42⤵
- Executes dropped EXE
-
\??\c:\1xfllfx.exec:\1xfllfx.exe43⤵
- Executes dropped EXE
-
\??\c:\nntnht.exec:\nntnht.exe44⤵
- Executes dropped EXE
-
\??\c:\bhhtnn.exec:\bhhtnn.exe45⤵
- Executes dropped EXE
-
\??\c:\pdpdp.exec:\pdpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\5frfxrf.exec:\5frfxrf.exe47⤵
- Executes dropped EXE
-
\??\c:\frrlxrf.exec:\frrlxrf.exe48⤵
- Executes dropped EXE
-
\??\c:\bbtnhb.exec:\bbtnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\5rrlrrf.exec:\5rrlrrf.exe51⤵
- Executes dropped EXE
-
\??\c:\fllrlrf.exec:\fllrlrf.exe52⤵
- Executes dropped EXE
-
\??\c:\5jjpv.exec:\5jjpv.exe53⤵
- Executes dropped EXE
-
\??\c:\9ddpd.exec:\9ddpd.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrrffr.exec:\rfrrffr.exe55⤵
- Executes dropped EXE
-
\??\c:\bhhtht.exec:\bhhtht.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\dppvj.exec:\dppvj.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxxxxl.exec:\rrxxxxl.exe59⤵
- Executes dropped EXE
-
\??\c:\5nttnn.exec:\5nttnn.exe60⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe61⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe62⤵
- Executes dropped EXE
-
\??\c:\xfrrrrl.exec:\xfrrrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\bthhhb.exec:\bthhhb.exe64⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe65⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe66⤵
-
\??\c:\rrlxflf.exec:\rrlxflf.exe67⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe68⤵
-
\??\c:\vjddp.exec:\vjddp.exe69⤵
-
\??\c:\djdvp.exec:\djdvp.exe70⤵
-
\??\c:\9lrrxxl.exec:\9lrrxxl.exe71⤵
-
\??\c:\frfxrxr.exec:\frfxrxr.exe72⤵
-
\??\c:\7hnhhb.exec:\7hnhhb.exe73⤵
-
\??\c:\vdddv.exec:\vdddv.exe74⤵
-
\??\c:\9xxrflf.exec:\9xxrflf.exe75⤵
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe76⤵
-
\??\c:\5hbtnh.exec:\5hbtnh.exe77⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe78⤵
-
\??\c:\xrfxflr.exec:\xrfxflr.exe79⤵
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe80⤵
-
\??\c:\bnhnhn.exec:\bnhnhn.exe81⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1pvpj.exec:\1pvpj.exe83⤵
-
\??\c:\lxxxffl.exec:\lxxxffl.exe84⤵
-
\??\c:\bhthnb.exec:\bhthnb.exe85⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe86⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe87⤵
-
\??\c:\3fxrllx.exec:\3fxrllx.exe88⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe89⤵
-
\??\c:\pjppj.exec:\pjppj.exe90⤵
-
\??\c:\lflllfr.exec:\lflllfr.exe91⤵
-
\??\c:\xflffxr.exec:\xflffxr.exe92⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe93⤵
-
\??\c:\jddvp.exec:\jddvp.exe94⤵
-
\??\c:\lllllff.exec:\lllllff.exe95⤵
-
\??\c:\5hnhtt.exec:\5hnhtt.exe96⤵
-
\??\c:\pjddv.exec:\pjddv.exe97⤵
-
\??\c:\fffrxxr.exec:\fffrxxr.exe98⤵
-
\??\c:\5xfxffl.exec:\5xfxffl.exe99⤵
-
\??\c:\7bnhhh.exec:\7bnhhh.exe100⤵
-
\??\c:\djjdd.exec:\djjdd.exe101⤵
-
\??\c:\dddvp.exec:\dddvp.exe102⤵
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe103⤵
-
\??\c:\rffrrfl.exec:\rffrrfl.exe104⤵
-
\??\c:\bhntbt.exec:\bhntbt.exe105⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe106⤵
-
\??\c:\7pvpv.exec:\7pvpv.exe107⤵
-
\??\c:\5rxffrr.exec:\5rxffrr.exe108⤵
-
\??\c:\bbhnnn.exec:\bbhnnn.exe109⤵
-
\??\c:\7nhbtt.exec:\7nhbtt.exe110⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe111⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe112⤵
-
\??\c:\7ffxrll.exec:\7ffxrll.exe113⤵
-
\??\c:\nbthth.exec:\nbthth.exe114⤵
-
\??\c:\bntbtn.exec:\bntbtn.exe115⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe116⤵
-
\??\c:\lfxfxrx.exec:\lfxfxrx.exe117⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe118⤵
-
\??\c:\9thbhb.exec:\9thbhb.exe119⤵
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe120⤵
-
\??\c:\rxlfrxr.exec:\rxlfrxr.exe121⤵
-
\??\c:\1hnnnn.exec:\1hnnnn.exe122⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe123⤵
-
\??\c:\jdddd.exec:\jdddd.exe124⤵
-
\??\c:\rllrxxx.exec:\rllrxxx.exe125⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe126⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe127⤵
-
\??\c:\7djdd.exec:\7djdd.exe128⤵
-
\??\c:\rfxrllx.exec:\rfxrllx.exe129⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe130⤵
-
\??\c:\tbhntb.exec:\tbhntb.exe131⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe132⤵
-
\??\c:\rxxrrrr.exec:\rxxrrrr.exe133⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe134⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe135⤵
-
\??\c:\pppdv.exec:\pppdv.exe136⤵
-
\??\c:\xlrlllr.exec:\xlrlllr.exe137⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe138⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe139⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe140⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe141⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe142⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe143⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe144⤵
-
\??\c:\dpppj.exec:\dpppj.exe145⤵
-
\??\c:\rffffff.exec:\rffffff.exe146⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe147⤵
-
\??\c:\vpppj.exec:\vpppj.exe148⤵
-
\??\c:\lxrrrrx.exec:\lxrrrrx.exe149⤵
-
\??\c:\3hnnnn.exec:\3hnnnn.exe150⤵
- System Location Discovery: System Language Discovery
-
\??\c:\htbnnt.exec:\htbnnt.exe151⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe152⤵
-
\??\c:\7xlrrxr.exec:\7xlrrxr.exe153⤵
-
\??\c:\3hhhbb.exec:\3hhhbb.exe154⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe155⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe156⤵
-
\??\c:\lfrfffl.exec:\lfrfffl.exe157⤵
-
\??\c:\htbtbn.exec:\htbtbn.exe158⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe159⤵
-
\??\c:\rflllff.exec:\rflllff.exe160⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe161⤵
-
\??\c:\3nnhhn.exec:\3nnhhn.exe162⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe163⤵
-
\??\c:\fffllrl.exec:\fffllrl.exe164⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe165⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe166⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe167⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe168⤵
-
\??\c:\nbhbht.exec:\nbhbht.exe169⤵
-
\??\c:\9hnhbb.exec:\9hnhbb.exe170⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe171⤵
-
\??\c:\3xxxlll.exec:\3xxxlll.exe172⤵
-
\??\c:\frrllff.exec:\frrllff.exe173⤵
-
\??\c:\httnhh.exec:\httnhh.exe174⤵
-
\??\c:\3jppv.exec:\3jppv.exe175⤵
-
\??\c:\1dvpp.exec:\1dvpp.exe176⤵
-
\??\c:\rffxrfl.exec:\rffxrfl.exe177⤵
-
\??\c:\tbbttb.exec:\tbbttb.exe178⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe179⤵
-
\??\c:\xrrffrf.exec:\xrrffrf.exe180⤵
-
\??\c:\lxfxfxx.exec:\lxfxfxx.exe181⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe182⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe183⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe184⤵
-
\??\c:\frlxlxf.exec:\frlxlxf.exe185⤵
-
\??\c:\5hbbbb.exec:\5hbbbb.exe186⤵
-
\??\c:\nnnhbt.exec:\nnnhbt.exe187⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe188⤵
-
\??\c:\7rxxxxx.exec:\7rxxxxx.exe189⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe190⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe191⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe192⤵
-
\??\c:\lfrrllx.exec:\lfrrllx.exe193⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tbnbnt.exec:\tbnbnt.exe194⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe195⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe196⤵
-
\??\c:\xxfxrrf.exec:\xxfxrrf.exe197⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe198⤵
-
\??\c:\7hbtbb.exec:\7hbtbb.exe199⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe200⤵
-
\??\c:\xlrllrl.exec:\xlrllrl.exe201⤵
-
\??\c:\bnnbnt.exec:\bnnbnt.exe202⤵
-
\??\c:\tnntht.exec:\tnntht.exe203⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe204⤵
-
\??\c:\flrlrlx.exec:\flrlrlx.exe205⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe206⤵
-
\??\c:\nhhbtb.exec:\nhhbtb.exe207⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe208⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe209⤵
-
\??\c:\3xrfrrl.exec:\3xrfrrl.exe210⤵
-
\??\c:\tnbnbt.exec:\tnbnbt.exe211⤵
-
\??\c:\vvddd.exec:\vvddd.exe212⤵
-
\??\c:\rfxxrlf.exec:\rfxxrlf.exe213⤵
-
\??\c:\bhnhht.exec:\bhnhht.exe214⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe215⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe216⤵
-
\??\c:\fxrrfxl.exec:\fxrrfxl.exe217⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe218⤵
-
\??\c:\tbnhnn.exec:\tbnhnn.exe219⤵
-
\??\c:\3ppvp.exec:\3ppvp.exe220⤵
-
\??\c:\lfffxrl.exec:\lfffxrl.exe221⤵
-
\??\c:\rfrlxlx.exec:\rfrlxlx.exe222⤵
-
\??\c:\ntbnhn.exec:\ntbnhn.exe223⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe224⤵
-
\??\c:\xllfxrr.exec:\xllfxrr.exe225⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe226⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe227⤵
-
\??\c:\5jdjd.exec:\5jdjd.exe228⤵
-
\??\c:\rfffxfx.exec:\rfffxfx.exe229⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe230⤵
-
\??\c:\lxrfxlf.exec:\lxrfxlf.exe231⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe232⤵
-
\??\c:\djppp.exec:\djppp.exe233⤵
-
\??\c:\1xxrrrl.exec:\1xxrrrl.exe234⤵
-
\??\c:\1bbntb.exec:\1bbntb.exe235⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe236⤵
-
\??\c:\9vvpp.exec:\9vvpp.exe237⤵
-
\??\c:\3vvvv.exec:\3vvvv.exe238⤵
-
\??\c:\9ffxffl.exec:\9ffxffl.exe239⤵
-
\??\c:\nthtbt.exec:\nthtbt.exe240⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe241⤵