Analysis
-
max time kernel
150s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
-
submitted
01/08/2024, 22:35
General
-
Target
3fb075a131556c630300dbbe12b9352fba3640759d37f9ced4b7738aeea18521.exe
-
Size
250KB
-
MD5
b9565267b2735db164191e6b0a149fbd
-
SHA1
d71184b326c3b5fdd6526a258d5304653b62577d
-
SHA256
3fb075a131556c630300dbbe12b9352fba3640759d37f9ced4b7738aeea18521
-
SHA512
3da5edff109b1491baf701360d9536d4d930febe20fc1225ea0dda5757c4c1d201908c91adc3f9e02d490a1ed9e930e6b4731f8e71d0e23cefe6b3e0667f2bff
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR1oa:n3C9BRo7MlrWKo+lxtvGt1oa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3fb075a131556c630300dbbe12b9352fba3640759d37f9ced4b7738aeea18521.exe"C:\Users\Admin\AppData\Local\Temp\3fb075a131556c630300dbbe12b9352fba3640759d37f9ced4b7738aeea18521.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvv.exec:\vjvvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnn.exec:\hhnnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdv.exec:\djpdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrrf.exec:\lfffrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlffx.exec:\xrrlffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbnhh.exec:\5tbnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttb.exec:\nhtttb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrxlr.exec:\rrfrxlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntnn.exec:\bhntnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtt.exec:\bthhtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ntnhh.exec:\1ntnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrrlr.exec:\lfrrrlr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnh.exec:\hbtnnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxxr.exec:\ffffxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjd.exec:\vjvjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hnnbnh.exec:\hnnbnh.exe24⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrrrrl.exec:\lfrrrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\nnnhhb.exec:\nnnhhb.exe27⤵
- Executes dropped EXE
-
\??\c:\tttnth.exec:\tttnth.exe28⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe29⤵
- Executes dropped EXE
-
\??\c:\hbntnn.exec:\hbntnn.exe30⤵
- Executes dropped EXE
-
\??\c:\7vjdj.exec:\7vjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe32⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe33⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\xffxrll.exec:\xffxrll.exe35⤵
- Executes dropped EXE
-
\??\c:\5nttnh.exec:\5nttnh.exe36⤵
- Executes dropped EXE
-
\??\c:\7pjdd.exec:\7pjdd.exe37⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe38⤵
- Executes dropped EXE
-
\??\c:\frlflfx.exec:\frlflfx.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\dppvj.exec:\dppvj.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rfxrfxl.exec:\rfxrfxl.exe42⤵
- Executes dropped EXE
-
\??\c:\rxxxrxr.exec:\rxxxrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\hththb.exec:\hththb.exe44⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe45⤵
- Executes dropped EXE
-
\??\c:\lxlflfl.exec:\lxlflfl.exe46⤵
- Executes dropped EXE
-
\??\c:\lflrlfl.exec:\lflrlfl.exe47⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe49⤵
- Executes dropped EXE
-
\??\c:\1dvpj.exec:\1dvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\3lrlrrx.exec:\3lrlrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\7bnhtn.exec:\7bnhtn.exe52⤵
- Executes dropped EXE
-
\??\c:\5jvjp.exec:\5jvjp.exe53⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe54⤵
- Executes dropped EXE
-
\??\c:\lrlfrlx.exec:\lrlfrlx.exe55⤵
- Executes dropped EXE
-
\??\c:\3lfxrxx.exec:\3lfxrxx.exe56⤵
- Executes dropped EXE
-
\??\c:\hntnnn.exec:\hntnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe58⤵
- Executes dropped EXE
-
\??\c:\rflrlll.exec:\rflrlll.exe59⤵
- Executes dropped EXE
-
\??\c:\lfxxxlr.exec:\lfxxxlr.exe60⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe61⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe62⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\rflrfff.exec:\rflrfff.exe64⤵
- Executes dropped EXE
-
\??\c:\nnbbtb.exec:\nnbbtb.exe65⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe66⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe67⤵
-
\??\c:\xlrlxxl.exec:\xlrlxxl.exe68⤵
-
\??\c:\nhnhth.exec:\nhnhth.exe69⤵
-
\??\c:\7pvjp.exec:\7pvjp.exe70⤵
-
\??\c:\lfxxfxx.exec:\lfxxfxx.exe71⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe72⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe73⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe74⤵
-
\??\c:\rrxrxll.exec:\rrxrxll.exe75⤵
-
\??\c:\xlxxrxr.exec:\xlxxrxr.exe76⤵
-
\??\c:\5nnhnn.exec:\5nnhnn.exe77⤵
-
\??\c:\vppdv.exec:\vppdv.exe78⤵
-
\??\c:\3fxrlrl.exec:\3fxrlrl.exe79⤵
-
\??\c:\7ntnhh.exec:\7ntnhh.exe80⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe81⤵
-
\??\c:\7jjvp.exec:\7jjvp.exe82⤵
-
\??\c:\lrlfrrx.exec:\lrlfrrx.exe83⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe84⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe85⤵
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe86⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe87⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe88⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe89⤵
-
\??\c:\xxfxxxf.exec:\xxfxxxf.exe90⤵
-
\??\c:\bthnnh.exec:\bthnnh.exe91⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe92⤵
-
\??\c:\5xxrllx.exec:\5xxrllx.exe93⤵
-
\??\c:\7fxrffx.exec:\7fxrffx.exe94⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe95⤵
-
\??\c:\vddvp.exec:\vddvp.exe96⤵
-
\??\c:\3fxrllx.exec:\3fxrllx.exe97⤵
-
\??\c:\7xxrrrf.exec:\7xxrrrf.exe98⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe99⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe100⤵
-
\??\c:\ffxxrxr.exec:\ffxxrxr.exe101⤵
-
\??\c:\bnnhnn.exec:\bnnhnn.exe102⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe103⤵
-
\??\c:\lxflfxx.exec:\lxflfxx.exe104⤵
-
\??\c:\1bhbbb.exec:\1bhbbb.exe105⤵
-
\??\c:\3jjvp.exec:\3jjvp.exe106⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe107⤵
-
\??\c:\lllrrrf.exec:\lllrrrf.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tbhhtn.exec:\tbhhtn.exe109⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe110⤵
-
\??\c:\lrfrllf.exec:\lrfrllf.exe111⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe112⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe113⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe114⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe115⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe116⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe117⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe118⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe119⤵
-
\??\c:\vddpj.exec:\vddpj.exe120⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-