Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
10/08/2024, 23:27
General
-
Target
8065aee0b577c31a2708c878f346e4b36d4a29f6058939231897bd6d0127b57d.exe
-
Size
49KB
-
MD5
04ec9dec8abb05562f4403892d31fe59
-
SHA1
6689bc782360cdc8bbb9749da86b99b1a38bcc43
-
SHA256
8065aee0b577c31a2708c878f346e4b36d4a29f6058939231897bd6d0127b57d
-
SHA512
280d1f4ff2b3ab3618c91f075f376dbb4e034092a2ba9df6ed07239bfe3023007fe7b20dddd70983723e2ef287287726cb2e65838bf0fcab6092d20b71c1cb6e
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvcI:0cdpeeBSHHMHLf9RyIe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8065aee0b577c31a2708c878f346e4b36d4a29f6058939231897bd6d0127b57d.exe"C:\Users\Admin\AppData\Local\Temp\8065aee0b577c31a2708c878f346e4b36d4a29f6058939231897bd6d0127b57d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtttn.exec:\nbtttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbh.exec:\nnttbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jddp.exec:\7jddp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrfxx.exec:\fxxrfxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnn.exec:\bttnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfxrlf.exec:\7rfxrlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frllfx.exec:\9frllfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjj.exec:\dddjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdv.exec:\9pjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllllr.exec:\flllllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhh.exec:\nhbbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhh.exec:\bbtnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppj.exec:\djppj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlffl.exec:\rrrlffl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhtt.exec:\bhnhtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnthn.exec:\nnnthn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjv.exec:\djjjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxrlff.exec:\5rxrlff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbhh.exec:\hbnbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe25⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe27⤵
- Executes dropped EXE
-
\??\c:\9jpjd.exec:\9jpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\rfllrxr.exec:\rfllrxr.exe29⤵
- Executes dropped EXE
-
\??\c:\bttbht.exec:\bttbht.exe30⤵
- Executes dropped EXE
-
\??\c:\nbbnhn.exec:\nbbnhn.exe31⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe32⤵
- Executes dropped EXE
-
\??\c:\1rrllxx.exec:\1rrllxx.exe33⤵
- Executes dropped EXE
-
\??\c:\ttnbtn.exec:\ttnbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\1nhhnb.exec:\1nhhnb.exe35⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe36⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe37⤵
- Executes dropped EXE
-
\??\c:\xfllllr.exec:\xfllllr.exe38⤵
- Executes dropped EXE
-
\??\c:\hnttnt.exec:\hnttnt.exe39⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\7dddv.exec:\7dddv.exe41⤵
- Executes dropped EXE
-
\??\c:\pvppp.exec:\pvppp.exe42⤵
- Executes dropped EXE
-
\??\c:\lrffllx.exec:\lrffllx.exe43⤵
- Executes dropped EXE
-
\??\c:\xrrfllr.exec:\xrrfllr.exe44⤵
- Executes dropped EXE
-
\??\c:\9rfxflr.exec:\9rfxflr.exe45⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\tbnnhn.exec:\tbnnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\3jjjj.exec:\3jjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\fxffxxx.exec:\fxffxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\lflfxrl.exec:\lflfxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\5jdvj.exec:\5jdvj.exe52⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe54⤵
- Executes dropped EXE
-
\??\c:\xrxxrll.exec:\xrxxrll.exe55⤵
- Executes dropped EXE
-
\??\c:\hhhbnt.exec:\hhhbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe58⤵
- Executes dropped EXE
-
\??\c:\flrxrrr.exec:\flrxrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\xfllllf.exec:\xfllllf.exe60⤵
- Executes dropped EXE
-
\??\c:\nbhttn.exec:\nbhttn.exe61⤵
- Executes dropped EXE
-
\??\c:\9htnbb.exec:\9htnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe63⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe64⤵
- Executes dropped EXE
-
\??\c:\xxfflfl.exec:\xxfflfl.exe65⤵
- Executes dropped EXE
-
\??\c:\5xxflrr.exec:\5xxflrr.exe66⤵
-
\??\c:\3htnnn.exec:\3htnnn.exe67⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe68⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe69⤵
-
\??\c:\rfxrffx.exec:\rfxrffx.exe70⤵
-
\??\c:\3lffxxr.exec:\3lffxxr.exe71⤵
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe72⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe73⤵
-
\??\c:\1ppdv.exec:\1ppdv.exe74⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe75⤵
-
\??\c:\rxxfflr.exec:\rxxfflr.exe76⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe77⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe78⤵
-
\??\c:\9dddv.exec:\9dddv.exe79⤵
-
\??\c:\rxxfrrl.exec:\rxxfrrl.exe80⤵
-
\??\c:\5rfllff.exec:\5rfllff.exe81⤵
-
\??\c:\httnhh.exec:\httnhh.exe82⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe83⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe84⤵
-
\??\c:\lflfrrx.exec:\lflfrrx.exe85⤵
-
\??\c:\bhnbtt.exec:\bhnbtt.exe86⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe87⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe88⤵
-
\??\c:\7nnnhb.exec:\7nnnhb.exe89⤵
-
\??\c:\bhttnt.exec:\bhttnt.exe90⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe91⤵
-
\??\c:\lrfxrll.exec:\lrfxrll.exe92⤵
-
\??\c:\9bhhnh.exec:\9bhhnh.exe93⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe94⤵
-
\??\c:\djpvp.exec:\djpvp.exe95⤵
-
\??\c:\llxxrxr.exec:\llxxrxr.exe96⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe97⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe98⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe99⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe100⤵
-
\??\c:\1dpdv.exec:\1dpdv.exe101⤵
-
\??\c:\1lfxfxl.exec:\1lfxfxl.exe102⤵
-
\??\c:\3llrffx.exec:\3llrffx.exe103⤵
-
\??\c:\hnnnnh.exec:\hnnnnh.exe104⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe105⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe106⤵
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe107⤵
-
\??\c:\5hnbnn.exec:\5hnbnn.exe108⤵
-
\??\c:\thhhht.exec:\thhhht.exe109⤵
-
\??\c:\9djvp.exec:\9djvp.exe110⤵
-
\??\c:\rrllxfx.exec:\rrllxfx.exe111⤵
-
\??\c:\lrxrfxl.exec:\lrxrfxl.exe112⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe113⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe114⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe115⤵
-
\??\c:\llxfxlr.exec:\llxfxlr.exe116⤵
-
\??\c:\5llfrlx.exec:\5llfrlx.exe117⤵
-
\??\c:\nbbntn.exec:\nbbntn.exe118⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe119⤵
-
\??\c:\9pjvj.exec:\9pjvj.exe120⤵
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-