Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-08-2024 23:29
General
-
Target
1a2d9e4c5aec7b050a505295f7bffe10N.exe
-
Size
65KB
-
MD5
1a2d9e4c5aec7b050a505295f7bffe10
-
SHA1
cbc9869b86cbcacb3056382a1cb53ccda6c783c3
-
SHA256
2e2d4fe800919a2bfe1cfb7b6853a1fb1580467b3e0d05e900a7c18ec1fac99c
-
SHA512
a98a596a5699048593eb782318343352b9f2b4279e177039cf57c3dc4eca4f68aabda329fc8284f1a02a8534104d6c238d023e5e6824cb76c2bdeff5adb1950b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B5QL:ymb3NkkiQ3mdBjFI9c+L
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a2d9e4c5aec7b050a505295f7bffe10N.exe"C:\Users\Admin\AppData\Local\Temp\1a2d9e4c5aec7b050a505295f7bffe10N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbnn.exec:\bthbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffxxr.exec:\xfffxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htttb.exec:\3htttb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpp.exec:\pjjpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllrrx.exec:\xxllrrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtn.exec:\hthbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dppj.exec:\9dppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvj.exec:\ppdvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lllfxx.exec:\5lllfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbbb.exec:\nhbbbb.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxrl.exec:\rllfxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbtt.exec:\httbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnhh.exec:\nbtnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvvp.exec:\5vvvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrfxx.exec:\lxxrfxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrrl.exec:\xlrrrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\bhnhnh.exec:\bhnhnh.exe24⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\lfffxfl.exec:\lfffxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\xrrrlff.exec:\xrrrlff.exe27⤵
- Executes dropped EXE
-
\??\c:\nhbnth.exec:\nhbnth.exe28⤵
- Executes dropped EXE
-
\??\c:\bhbbth.exec:\bhbbth.exe29⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe31⤵
- Executes dropped EXE
-
\??\c:\1xffxlf.exec:\1xffxlf.exe32⤵
- Executes dropped EXE
-
\??\c:\ttthbb.exec:\ttthbb.exe33⤵
- Executes dropped EXE
-
\??\c:\bhbttt.exec:\bhbttt.exe34⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe36⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\llfxlfx.exec:\llfxlfx.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\hntnbb.exec:\hntnbb.exe40⤵
- Executes dropped EXE
-
\??\c:\9djvp.exec:\9djvp.exe41⤵
- Executes dropped EXE
-
\??\c:\5jddp.exec:\5jddp.exe42⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe43⤵
- Executes dropped EXE
-
\??\c:\flrfrrl.exec:\flrfrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\tbhhhn.exec:\tbhhhn.exe45⤵
- Executes dropped EXE
-
\??\c:\7bthtn.exec:\7bthtn.exe46⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe47⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe48⤵
- Executes dropped EXE
-
\??\c:\lffxxxr.exec:\lffxxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\btnbtt.exec:\btnbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe52⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe53⤵
- Executes dropped EXE
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe55⤵
- Executes dropped EXE
-
\??\c:\thbtnt.exec:\thbtnt.exe56⤵
- Executes dropped EXE
-
\??\c:\xrxlfff.exec:\xrxlfff.exe57⤵
- Executes dropped EXE
-
\??\c:\9xxxrrl.exec:\9xxxrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe59⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrrlll.exec:\rlrrlll.exe61⤵
- Executes dropped EXE
-
\??\c:\fflffff.exec:\fflffff.exe62⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe63⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\rlfxllf.exec:\rlfxllf.exe66⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe67⤵
-
\??\c:\vdddv.exec:\vdddv.exe68⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe69⤵
-
\??\c:\fxlfffx.exec:\fxlfffx.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe71⤵
-
\??\c:\bnhbbn.exec:\bnhbbn.exe72⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe73⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe74⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe75⤵
-
\??\c:\3hnnhh.exec:\3hnnhh.exe76⤵
-
\??\c:\btnbbt.exec:\btnbbt.exe77⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe78⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe79⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe80⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe81⤵
-
\??\c:\7tbtbb.exec:\7tbtbb.exe82⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe83⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe84⤵
-
\??\c:\lrxxrfl.exec:\lrxxrfl.exe85⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe86⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe87⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe88⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe89⤵
-
\??\c:\rfxlrlf.exec:\rfxlrlf.exe90⤵
-
\??\c:\frxrrll.exec:\frxrrll.exe91⤵
-
\??\c:\nnnnhb.exec:\nnnnhb.exe92⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7pdvj.exec:\7pdvj.exe94⤵
-
\??\c:\1vdvj.exec:\1vdvj.exe95⤵
-
\??\c:\fxfrrrl.exec:\fxfrrrl.exe96⤵
-
\??\c:\rlrlffr.exec:\rlrlffr.exe97⤵
-
\??\c:\nnbhnn.exec:\nnbhnn.exe98⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe99⤵
-
\??\c:\9vjpd.exec:\9vjpd.exe100⤵
-
\??\c:\xrxlfff.exec:\xrxlfff.exe101⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe102⤵
-
\??\c:\llxrlrl.exec:\llxrlrl.exe103⤵
-
\??\c:\3ntnhh.exec:\3ntnhh.exe104⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe105⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe106⤵
-
\??\c:\rfrlfxl.exec:\rfrlfxl.exe107⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe108⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe109⤵
-
\??\c:\5vjdp.exec:\5vjdp.exe110⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe111⤵
-
\??\c:\7xxrxxl.exec:\7xxrxxl.exe112⤵
-
\??\c:\lrrrfrx.exec:\lrrrfrx.exe113⤵
-
\??\c:\nttthh.exec:\nttthh.exe114⤵
-
\??\c:\jddpp.exec:\jddpp.exe115⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe116⤵
-
\??\c:\xrlrfff.exec:\xrlrfff.exe117⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe118⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe119⤵
-
\??\c:\3dpdv.exec:\3dpdv.exe120⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-