Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/08/2024, 00:41
General
-
Target
a06d01e2bc0280f949e5e204bb6e9c0cc48b4757cb17873003fcfd7913595b08.exe
-
Size
94KB
-
MD5
716c0a035f55682028eeb717c3a0d32a
-
SHA1
fd3c7a8326ccc7fc2f5460748f1f865985ed84da
-
SHA256
a06d01e2bc0280f949e5e204bb6e9c0cc48b4757cb17873003fcfd7913595b08
-
SHA512
9cecb9e80a67230ab0df197a5b2652213b7b7a4c0002f239aed48cf4c3258b1f478ea3f3484c0ea642e09bf02a3585184d6ed2485531a75fad958e7534eaa29e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRB/:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBtt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a06d01e2bc0280f949e5e204bb6e9c0cc48b4757cb17873003fcfd7913595b08.exe"C:\Users\Admin\AppData\Local\Temp\a06d01e2bc0280f949e5e204bb6e9c0cc48b4757cb17873003fcfd7913595b08.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxllf.exec:\xffxllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbtn.exec:\tnnbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvd.exec:\pddvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxffl.exec:\flxxffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxfxx.exec:\fxlxfxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhthb.exec:\hbhthb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvj.exec:\pvdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvj.exec:\jjvvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrx.exec:\rlfflrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhn.exec:\hhtbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvp.exec:\jdjvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjp.exec:\pppjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxlfx.exec:\rxfxlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfrfxl.exec:\9xfrfxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnhtt.exec:\1nnhtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdd.exec:\ddvdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjj.exec:\vpvjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlfxx.exec:\rrrlfxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthb.exec:\nbtthb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhthb.exec:\1nhthb.exe23⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\xfrfrrl.exec:\xfrfrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtnbb.exec:\hbtnbb.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbbnt.exec:\hbbbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe28⤵
- Executes dropped EXE
-
\??\c:\3vpdp.exec:\3vpdp.exe29⤵
- Executes dropped EXE
-
\??\c:\tbthtn.exec:\tbthtn.exe30⤵
- Executes dropped EXE
-
\??\c:\nththb.exec:\nththb.exe31⤵
- Executes dropped EXE
-
\??\c:\vpvjp.exec:\vpvjp.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe33⤵
- Executes dropped EXE
-
\??\c:\bnthhb.exec:\bnthhb.exe34⤵
- Executes dropped EXE
-
\??\c:\hnhbnh.exec:\hnhbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe36⤵
- Executes dropped EXE
-
\??\c:\frlxfxr.exec:\frlxfxr.exe37⤵
- Executes dropped EXE
-
\??\c:\rfffxrl.exec:\rfffxrl.exe38⤵
- Executes dropped EXE
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe39⤵
- Executes dropped EXE
-
\??\c:\bbtnbt.exec:\bbtnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\bnhbnn.exec:\bnhbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\5ppdv.exec:\5ppdv.exe42⤵
- Executes dropped EXE
-
\??\c:\dppjp.exec:\dppjp.exe43⤵
- Executes dropped EXE
-
\??\c:\9xlxlfr.exec:\9xlxlfr.exe44⤵
- Executes dropped EXE
-
\??\c:\lllrxxl.exec:\lllrxxl.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhbhb.exec:\nhhbhb.exe46⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\dppvj.exec:\dppvj.exe48⤵
- Executes dropped EXE
-
\??\c:\frlfxrl.exec:\frlfxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\ttnbnh.exec:\ttnbnh.exe50⤵
- Executes dropped EXE
-
\??\c:\thbtbt.exec:\thbtbt.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\djjvp.exec:\djjvp.exe53⤵
- Executes dropped EXE
-
\??\c:\rllxrlx.exec:\rllxrlx.exe54⤵
- Executes dropped EXE
-
\??\c:\5fxrlxl.exec:\5fxrlxl.exe55⤵
- Executes dropped EXE
-
\??\c:\1hbnbt.exec:\1hbnbt.exe56⤵
- Executes dropped EXE
-
\??\c:\3nbbnb.exec:\3nbbnb.exe57⤵
- Executes dropped EXE
-
\??\c:\pvvpv.exec:\pvvpv.exe58⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\rrrlxlx.exec:\rrrlxlx.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxrffr.exec:\lfxrffr.exe61⤵
- Executes dropped EXE
-
\??\c:\bhbnbb.exec:\bhbnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\tnbnbb.exec:\tnbnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe64⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe65⤵
- Executes dropped EXE
-
\??\c:\xxxrlfr.exec:\xxxrlfr.exe66⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe67⤵
-
\??\c:\pdddv.exec:\pdddv.exe68⤵
-
\??\c:\lffflrf.exec:\lffflrf.exe69⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe70⤵
-
\??\c:\1ppdj.exec:\1ppdj.exe71⤵
-
\??\c:\rxllffx.exec:\rxllffx.exe72⤵
-
\??\c:\rrxxxff.exec:\rrxxxff.exe73⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe74⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe75⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe76⤵
-
\??\c:\frrfxrx.exec:\frrfxrx.exe77⤵
-
\??\c:\xxxxlll.exec:\xxxxlll.exe78⤵
-
\??\c:\btnbhb.exec:\btnbhb.exe79⤵
-
\??\c:\hbthth.exec:\hbthth.exe80⤵
-
\??\c:\pddjv.exec:\pddjv.exe81⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe82⤵
-
\??\c:\lllfffl.exec:\lllfffl.exe83⤵
-
\??\c:\rffxlxl.exec:\rffxlxl.exe84⤵
-
\??\c:\9tbthb.exec:\9tbthb.exe85⤵
-
\??\c:\nnttth.exec:\nnttth.exe86⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe87⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe88⤵
-
\??\c:\hhhthn.exec:\hhhthn.exe89⤵
-
\??\c:\pppdj.exec:\pppdj.exe90⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe91⤵
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe92⤵
-
\??\c:\rxfxxrr.exec:\rxfxxrr.exe93⤵
-
\??\c:\hhhhtn.exec:\hhhhtn.exe94⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe95⤵
-
\??\c:\5vpdv.exec:\5vpdv.exe96⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe97⤵
-
\??\c:\frlfrlf.exec:\frlfrlf.exe98⤵
-
\??\c:\7btthb.exec:\7btthb.exe99⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe100⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe101⤵
-
\??\c:\1jjdp.exec:\1jjdp.exe102⤵
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe103⤵
-
\??\c:\rfxrffx.exec:\rfxrffx.exe104⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe105⤵
-
\??\c:\htnbnh.exec:\htnbnh.exe106⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe107⤵
-
\??\c:\lffffll.exec:\lffffll.exe108⤵
-
\??\c:\xrrrfff.exec:\xrrrfff.exe109⤵
-
\??\c:\1nttnn.exec:\1nttnn.exe110⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe111⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe112⤵
-
\??\c:\3dppv.exec:\3dppv.exe113⤵
-
\??\c:\llfxrlf.exec:\llfxrlf.exe114⤵
-
\??\c:\rfxrfxr.exec:\rfxrfxr.exe115⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe116⤵
-
\??\c:\ttthnh.exec:\ttthnh.exe117⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe118⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe119⤵
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe120⤵
-
\??\c:\httnnn.exec:\httnnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-