Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-08-2024 17:02
General
-
Target
bcd59a5d5abce27dc93da68869cab0a0N.exe
-
Size
67KB
-
MD5
bcd59a5d5abce27dc93da68869cab0a0
-
SHA1
9784ea18923646c33e031e75859a1556ac61d2f4
-
SHA256
7cfe0092b2321f7b90b56e25b6134b0d7022cb38f9453dfdb2a7ff87358f6d57
-
SHA512
cd455fedbbebc88b86c8a1e612e5bdb3ccc0778072e8bcb23a9b4d75b5b6172a14ccda78adb920afe583f8f58e5353c9b869b2ce17c6d939b8ed1ea53801e8af
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCO:ymb3NkkiQ3mdBjFIyna
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bcd59a5d5abce27dc93da68869cab0a0N.exe"C:\Users\Admin\AppData\Local\Temp\bcd59a5d5abce27dc93da68869cab0a0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlxrf.exec:\rfrlxrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrfxr.exec:\fffrfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtn.exec:\bthbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdpv.exec:\3jdpv.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpp.exec:\jvdpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxrlfx.exec:\7xxrlfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxllfl.exec:\frxllfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbthb.exec:\hbbthb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththbt.exec:\ththbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvpv.exec:\9dvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfrlx.exec:\fllfrlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhb.exec:\bbtnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvjv.exec:\1dvjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxfxr.exec:\lrfxfxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhbbt.exec:\7nhbbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrffx.exec:\xfxrffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrllfr.exec:\lxrllfr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnnbn.exec:\5nnnbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe23⤵
- Executes dropped EXE
-
\??\c:\frfrlff.exec:\frfrlff.exe24⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe25⤵
- Executes dropped EXE
-
\??\c:\bnnhnn.exec:\bnnhnn.exe26⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe27⤵
- Executes dropped EXE
-
\??\c:\1lrffxx.exec:\1lrffxx.exe28⤵
- Executes dropped EXE
-
\??\c:\7hhbtt.exec:\7hhbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\tntntn.exec:\tntntn.exe30⤵
- Executes dropped EXE
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe31⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe32⤵
- Executes dropped EXE
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\rfxrlfr.exec:\rfxrlfr.exe34⤵
- Executes dropped EXE
-
\??\c:\nbnhtn.exec:\nbnhtn.exe35⤵
- Executes dropped EXE
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\btnhbh.exec:\btnhbh.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe38⤵
- Executes dropped EXE
-
\??\c:\7ffrxxr.exec:\7ffrxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\lfrlxrf.exec:\lfrlxrf.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\htthhb.exec:\htthhb.exe42⤵
- Executes dropped EXE
-
\??\c:\jjpdv.exec:\jjpdv.exe43⤵
- Executes dropped EXE
-
\??\c:\lxffxrl.exec:\lxffxrl.exe44⤵
- Executes dropped EXE
-
\??\c:\fllffxr.exec:\fllffxr.exe45⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe47⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe48⤵
- Executes dropped EXE
-
\??\c:\9lfxrrr.exec:\9lfxrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnhnh.exec:\nhnhnh.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\9pdvd.exec:\9pdvd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxlrrf.exec:\fxxlrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\7thhbt.exec:\7thhbt.exe54⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe55⤵
- Executes dropped EXE
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe56⤵
- Executes dropped EXE
-
\??\c:\bnhtnh.exec:\bnhtnh.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe58⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe59⤵
- Executes dropped EXE
-
\??\c:\flrfrrr.exec:\flrfrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\rlfffxf.exec:\rlfffxf.exe61⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\btnhhb.exec:\btnhhb.exe63⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe64⤵
- Executes dropped EXE
-
\??\c:\lffrfxr.exec:\lffrfxr.exe65⤵
- Executes dropped EXE
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe66⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe67⤵
-
\??\c:\tbthbb.exec:\tbthbb.exe68⤵
-
\??\c:\jppjp.exec:\jppjp.exe69⤵
-
\??\c:\jvddd.exec:\jvddd.exe70⤵
-
\??\c:\lxfrlfr.exec:\lxfrlfr.exe71⤵
-
\??\c:\xfxxxrl.exec:\xfxxxrl.exe72⤵
-
\??\c:\5btnbt.exec:\5btnbt.exe73⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe74⤵
-
\??\c:\fxfxfrx.exec:\fxfxfrx.exe75⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe76⤵
-
\??\c:\1tbntn.exec:\1tbntn.exe77⤵
-
\??\c:\tbtntn.exec:\tbtntn.exe78⤵
-
\??\c:\hnnbnn.exec:\hnnbnn.exe79⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe80⤵
-
\??\c:\1xxlfxl.exec:\1xxlfxl.exe81⤵
-
\??\c:\llrlffl.exec:\llrlffl.exe82⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe83⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe84⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe85⤵
-
\??\c:\fxxrlxx.exec:\fxxrlxx.exe86⤵
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe87⤵
-
\??\c:\btthtn.exec:\btthtn.exe88⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe89⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe90⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe91⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe92⤵
-
\??\c:\rxfffff.exec:\rxfffff.exe93⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe94⤵
-
\??\c:\bbthbb.exec:\bbthbb.exe95⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe96⤵
-
\??\c:\vvddv.exec:\vvddv.exe97⤵
-
\??\c:\rfllfxr.exec:\rfllfxr.exe98⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe99⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe100⤵
-
\??\c:\flfrlxx.exec:\flfrlxx.exe101⤵
-
\??\c:\1nhhbt.exec:\1nhhbt.exe102⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe103⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe104⤵
-
\??\c:\1fffxxx.exec:\1fffxxx.exe105⤵
-
\??\c:\tbbntn.exec:\tbbntn.exe106⤵
-
\??\c:\btnbhb.exec:\btnbhb.exe107⤵
-
\??\c:\1dvpj.exec:\1dvpj.exe108⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe109⤵
-
\??\c:\flfxlfx.exec:\flfxlfx.exe110⤵
-
\??\c:\lxxrlfr.exec:\lxxrlfr.exe111⤵
-
\??\c:\btthhh.exec:\btthhh.exe112⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe113⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe114⤵
-
\??\c:\fxfrfxr.exec:\fxfrfxr.exe115⤵
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe116⤵
-
\??\c:\ntbnbt.exec:\ntbnbt.exe117⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe118⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe119⤵
-
\??\c:\xlfrffx.exec:\xlfrffx.exe120⤵
-
\??\c:\xlfxxlf.exec:\xlfxxlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-