Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08-08-2024 04:23
General
-
Target
e40fc81863ad391aa95f92e5ce3690fa2a9c7aeeb6120bc47fa5865d78217542.exe
-
Size
91KB
-
MD5
b3ef64838721d804843ec6107dcee1b2
-
SHA1
7990eeb539a26ff4a4e5008e2836b0113198bc10
-
SHA256
e40fc81863ad391aa95f92e5ce3690fa2a9c7aeeb6120bc47fa5865d78217542
-
SHA512
6f28cd20fbdf2c0f42ef283f33e283124803c11a57d28cb6dd63090e0d64d47364f4328da03cf2c00a40b89aae1db371d0f71e1981a7c16f403b62d4291dbf85
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRB2:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBVs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e40fc81863ad391aa95f92e5ce3690fa2a9c7aeeb6120bc47fa5865d78217542.exe"C:\Users\Admin\AppData\Local\Temp\e40fc81863ad391aa95f92e5ce3690fa2a9c7aeeb6120bc47fa5865d78217542.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxr.exec:\rfffxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtbt.exec:\htbtbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxfxx.exec:\xlfxfxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhhh.exec:\bhnhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrff.exec:\xrxrrff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlllf.exec:\xrrlllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhhb.exec:\bbnhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvv.exec:\pvjvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flfxxr.exec:\5flfxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhhh.exec:\3nnhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnb.exec:\tnttnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflrxx.exec:\llflrxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnhb.exec:\tnbnhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvp.exec:\5ddvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllflf.exec:\rfllflf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllfl.exec:\fxlllfl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhhnn.exec:\tnhhnn.exe24⤵
- Executes dropped EXE
-
\??\c:\9ppjd.exec:\9ppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\9vdjv.exec:\9vdjv.exe26⤵
- Executes dropped EXE
-
\??\c:\3xffrrr.exec:\3xffrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\tthbhh.exec:\tthbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\3rfxlrf.exec:\3rfxlrf.exe31⤵
- Executes dropped EXE
-
\??\c:\hntnhb.exec:\hntnhb.exe32⤵
- Executes dropped EXE
-
\??\c:\tbtnhh.exec:\tbtnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe35⤵
- Executes dropped EXE
-
\??\c:\lrxrrll.exec:\lrxrrll.exe36⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\3bbtth.exec:\3bbtth.exe38⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\xrxrxxr.exec:\xrxrxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\rrlfxrr.exec:\rrlfxrr.exe42⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnhht.exec:\nhnhht.exe44⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrxrlf.exec:\fxrxrlf.exe47⤵
- Executes dropped EXE
-
\??\c:\rrrrlff.exec:\rrrrlff.exe48⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\7jvpj.exec:\7jvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\rfffxrx.exec:\rfffxrx.exe52⤵
- Executes dropped EXE
-
\??\c:\5xxxrrl.exec:\5xxxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe54⤵
- Executes dropped EXE
-
\??\c:\tnhhtn.exec:\tnhhtn.exe55⤵
- Executes dropped EXE
-
\??\c:\3ppjj.exec:\3ppjj.exe56⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\frlfxxr.exec:\frlfxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\3xxrrfx.exec:\3xxrrfx.exe59⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\thbbtt.exec:\thbbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe62⤵
- Executes dropped EXE
-
\??\c:\xxxrlff.exec:\xxxrlff.exe63⤵
- Executes dropped EXE
-
\??\c:\xlrrrxr.exec:\xlrrrxr.exe64⤵
- Executes dropped EXE
-
\??\c:\bbthbn.exec:\bbthbn.exe65⤵
- Executes dropped EXE
-
\??\c:\9tbnhh.exec:\9tbnhh.exe66⤵
-
\??\c:\lxffxrl.exec:\lxffxrl.exe67⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe68⤵
-
\??\c:\tnhhht.exec:\tnhhht.exe69⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe70⤵
-
\??\c:\xllrlxr.exec:\xllrlxr.exe71⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe72⤵
-
\??\c:\pdddv.exec:\pdddv.exe73⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe74⤵
-
\??\c:\lfrlfxx.exec:\lfrlfxx.exe75⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe76⤵
-
\??\c:\1htttt.exec:\1htttt.exe77⤵
-
\??\c:\ppppj.exec:\ppppj.exe78⤵
-
\??\c:\rfrlxlf.exec:\rfrlxlf.exe79⤵
-
\??\c:\5frlllr.exec:\5frlllr.exe80⤵
-
\??\c:\3lffllr.exec:\3lffllr.exe81⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe82⤵
-
\??\c:\thtttb.exec:\thtttb.exe83⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe84⤵
-
\??\c:\djjdj.exec:\djjdj.exe85⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe86⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe87⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe88⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe89⤵
-
\??\c:\5pdvj.exec:\5pdvj.exe90⤵
-
\??\c:\lllxxrf.exec:\lllxxrf.exe91⤵
-
\??\c:\nbnnhb.exec:\nbnnhb.exe92⤵
-
\??\c:\5hhtnn.exec:\5hhtnn.exe93⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe94⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe95⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe96⤵
-
\??\c:\hbhtnh.exec:\hbhtnh.exe97⤵
-
\??\c:\btbnnt.exec:\btbnnt.exe98⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe99⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe100⤵
-
\??\c:\xlxlrll.exec:\xlxlrll.exe101⤵
-
\??\c:\rxlllfl.exec:\rxlllfl.exe102⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe103⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe104⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe105⤵
-
\??\c:\xflffll.exec:\xflffll.exe106⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe107⤵
-
\??\c:\btthbn.exec:\btthbn.exe108⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe109⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe110⤵
-
\??\c:\lrlxxxx.exec:\lrlxxxx.exe111⤵
-
\??\c:\fflrfff.exec:\fflrfff.exe112⤵
-
\??\c:\nbthbh.exec:\nbthbh.exe113⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe114⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe115⤵
-
\??\c:\rrrlxrf.exec:\rrrlxrf.exe116⤵
-
\??\c:\xrfxllr.exec:\xrfxllr.exe117⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe118⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe119⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe120⤵
-
\??\c:\vdddd.exec:\vdddd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-