Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/08/2024, 18:34
General
-
Target
0bcd17c096666da4ec8286ecbcba0352530dc2bd9b343a8f95d1ce6038b42a37.exe
-
Size
75KB
-
MD5
d48b29e89d175510dd9d27a152c8bbba
-
SHA1
936a8da8edcad3cfd7ff13410300d6b173f08e0c
-
SHA256
0bcd17c096666da4ec8286ecbcba0352530dc2bd9b343a8f95d1ce6038b42a37
-
SHA512
3ed6aa1f25fcdda4609f999f14deb51276c9eb29db2cf1cb1ee8a598d50ff15425e7a94c43e399e8ccd0f554ee95bf2a8ad3649e24a4e3814092576b01ee44d9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73DQQNeOSTyb:ymb3NkkiQ3mdBjFo73DdoxGb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0bcd17c096666da4ec8286ecbcba0352530dc2bd9b343a8f95d1ce6038b42a37.exe"C:\Users\Admin\AppData\Local\Temp\0bcd17c096666da4ec8286ecbcba0352530dc2bd9b343a8f95d1ce6038b42a37.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrfxxx.exec:\rxrfxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbnn.exec:\hbhbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfxr.exec:\flrlfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnbtt.exec:\3nnbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvvp.exec:\1pvvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfffff.exec:\llfffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnb.exec:\tnbtnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlrr.exec:\rllrlrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfxfff.exec:\5rfxfff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnh.exec:\hbnhnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbb.exec:\nnthbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrflff.exec:\xrrflff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbnn.exec:\nbhbnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnbnh.exec:\3nnbnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlffr.exec:\lxrlffr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpdp.exec:\3jpdp.exe23⤵
- Executes dropped EXE
-
\??\c:\xxxrfff.exec:\xxxrfff.exe24⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\xlrxrlf.exec:\xlrxrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\rlfxrll.exec:\rlfxrll.exe28⤵
- Executes dropped EXE
-
\??\c:\bbnnhh.exec:\bbnnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\7btnhh.exec:\7btnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe31⤵
- Executes dropped EXE
-
\??\c:\fxrxfxr.exec:\fxrxfxr.exe32⤵
- Executes dropped EXE
-
\??\c:\htnhtt.exec:\htnhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe35⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\lflflfr.exec:\lflflfr.exe37⤵
- Executes dropped EXE
-
\??\c:\xfrlflf.exec:\xfrlflf.exe38⤵
- Executes dropped EXE
-
\??\c:\nnhbtn.exec:\nnhbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjvp.exec:\pdjvp.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe41⤵
- Executes dropped EXE
-
\??\c:\fxllrrf.exec:\fxllrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\flllflf.exec:\flllflf.exe43⤵
- Executes dropped EXE
-
\??\c:\tbnhbb.exec:\tbnhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe46⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe47⤵
- Executes dropped EXE
-
\??\c:\xfrrffx.exec:\xfrrffx.exe48⤵
- Executes dropped EXE
-
\??\c:\1rxrlfr.exec:\1rxrlfr.exe49⤵
- Executes dropped EXE
-
\??\c:\btntnb.exec:\btntnb.exe50⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe51⤵
- Executes dropped EXE
-
\??\c:\5dvpd.exec:\5dvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe53⤵
- Executes dropped EXE
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe55⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe59⤵
- Executes dropped EXE
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbttb.exec:\bbbttb.exe61⤵
- Executes dropped EXE
-
\??\c:\1ntnhb.exec:\1ntnhb.exe62⤵
- Executes dropped EXE
-
\??\c:\vjdpj.exec:\vjdpj.exe63⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe66⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe67⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe68⤵
-
\??\c:\3xfxxxf.exec:\3xfxxxf.exe69⤵
-
\??\c:\nttbht.exec:\nttbht.exe70⤵
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe71⤵
-
\??\c:\bnthnb.exec:\bnthnb.exe72⤵
-
\??\c:\nbnbtt.exec:\nbnbtt.exe73⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe74⤵
-
\??\c:\frrrfxr.exec:\frrrfxr.exe75⤵
-
\??\c:\ffrrllf.exec:\ffrrllf.exe76⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe77⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe78⤵
-
\??\c:\jddvj.exec:\jddvj.exe79⤵
-
\??\c:\rfxrffr.exec:\rfxrffr.exe80⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe81⤵
-
\??\c:\vpppj.exec:\vpppj.exe82⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe83⤵
-
\??\c:\xxrffxf.exec:\xxrffxf.exe84⤵
-
\??\c:\3thnnb.exec:\3thnnb.exe85⤵
-
\??\c:\nbnhbh.exec:\nbnhbh.exe86⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe87⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe88⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe89⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe90⤵
-
\??\c:\bhbhhh.exec:\bhbhhh.exe91⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe92⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe93⤵
-
\??\c:\pddvj.exec:\pddvj.exe94⤵
-
\??\c:\flrrrlr.exec:\flrrrlr.exe95⤵
-
\??\c:\hnhhhn.exec:\hnhhhn.exe96⤵
-
\??\c:\9bbnhb.exec:\9bbnhb.exe97⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe98⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe99⤵
-
\??\c:\xxxlfxx.exec:\xxxlfxx.exe100⤵
-
\??\c:\xxxfflx.exec:\xxxfflx.exe101⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe102⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe103⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe104⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe105⤵
-
\??\c:\xlfxllr.exec:\xlfxllr.exe106⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe107⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe108⤵
-
\??\c:\1dpdd.exec:\1dpdd.exe109⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe110⤵
-
\??\c:\xrrlllf.exec:\xrrlllf.exe111⤵
-
\??\c:\9xfxfxf.exec:\9xfxfxf.exe112⤵
-
\??\c:\bhnhbh.exec:\bhnhbh.exe113⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe114⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe115⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe116⤵
-
\??\c:\rxxrffx.exec:\rxxrffx.exe117⤵
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe118⤵
-
\??\c:\hbbbbt.exec:\hbbbbt.exe119⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe120⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-