Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/08/2024, 00:39
General
-
Target
bcb05e58ae482629cc3a13acea1d6630N.exe
-
Size
105KB
-
MD5
bcb05e58ae482629cc3a13acea1d6630
-
SHA1
f484bd97a365a5e9c1ce1b724b28b7520387957c
-
SHA256
8552cb84a614aaaab22888bafefae06210f1d1c704964111749d16d2e0803e54
-
SHA512
abc7732e7bf3eb8a7ebc20f4cef9bd4766377b3924f4584e6122e7579b93472f2a73ed03e584e4f77f47828a740dbc2f159892d1e6b06399413c8cfa69a5f670
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afounQD6/T+gw3xtE:n3C9BRW0j/uQDy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bcb05e58ae482629cc3a13acea1d6630N.exe"C:\Users\Admin\AppData\Local\Temp\bcb05e58ae482629cc3a13acea1d6630N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnbbt.exec:\7hnbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjvj.exec:\5vjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjj.exec:\djjjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbnh.exec:\hthbnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrfrrf.exec:\9xrfrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbthh.exec:\5hbthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddv.exec:\djddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxrr.exec:\llrlxrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnht.exec:\9btnht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbb.exec:\nhhbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpdp.exec:\3vpdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrllf.exec:\xrxrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbbtb.exec:\5tbbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjv.exec:\jdvjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxrflf.exec:\1lxrflf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrflx.exec:\rxfrflx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbthn.exec:\ttbthn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvj.exec:\dpvvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jppj.exec:\9jppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflxxx.exec:\llflxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrllfx.exec:\xxrllfx.exe23⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe25⤵
- Executes dropped EXE
-
\??\c:\rrrxlxx.exec:\rrrxlxx.exe26⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe27⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\vdjjp.exec:\vdjjp.exe29⤵
- Executes dropped EXE
-
\??\c:\xxfrlrl.exec:\xxfrlrl.exe30⤵
- Executes dropped EXE
-
\??\c:\bhnhtn.exec:\bhnhtn.exe31⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe32⤵
- Executes dropped EXE
-
\??\c:\rxrflfx.exec:\rxrflfx.exe33⤵
- Executes dropped EXE
-
\??\c:\fffxrrl.exec:\fffxrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe36⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\lflxlrl.exec:\lflxlrl.exe38⤵
- Executes dropped EXE
-
\??\c:\lfxfllf.exec:\lfxfllf.exe39⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\9hnntb.exec:\9hnntb.exe41⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\rxxxlxx.exec:\rxxxlxx.exe44⤵
- Executes dropped EXE
-
\??\c:\nnthtn.exec:\nnthtn.exe45⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\hhnhnn.exec:\hhnhnn.exe47⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe48⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\9llxfxf.exec:\9llxfxf.exe50⤵
- Executes dropped EXE
-
\??\c:\xffxrrr.exec:\xffxrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\btnnhb.exec:\btnnhb.exe52⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe53⤵
- Executes dropped EXE
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\rrlrffr.exec:\rrlrffr.exe55⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\bbthbt.exec:\bbthbt.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe58⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe59⤵
- Executes dropped EXE
-
\??\c:\rlflllf.exec:\rlflllf.exe60⤵
- Executes dropped EXE
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe61⤵
- Executes dropped EXE
-
\??\c:\thbbth.exec:\thbbth.exe62⤵
- Executes dropped EXE
-
\??\c:\thbnbt.exec:\thbnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe65⤵
- Executes dropped EXE
-
\??\c:\lllxlfr.exec:\lllxlfr.exe66⤵
-
\??\c:\lxxxllx.exec:\lxxxllx.exe67⤵
-
\??\c:\httnnh.exec:\httnnh.exe68⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe69⤵
-
\??\c:\djppv.exec:\djppv.exe70⤵
-
\??\c:\5rlxrfr.exec:\5rlxrfr.exe71⤵
-
\??\c:\lllxlfx.exec:\lllxlfx.exe72⤵
-
\??\c:\9bbnbt.exec:\9bbnbt.exe73⤵
-
\??\c:\3hbnbt.exec:\3hbnbt.exe74⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe75⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe76⤵
-
\??\c:\llfffrr.exec:\llfffrr.exe77⤵
-
\??\c:\rfxrfxf.exec:\rfxrfxf.exe78⤵
-
\??\c:\7bbtht.exec:\7bbtht.exe79⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe80⤵
-
\??\c:\djjdv.exec:\djjdv.exe81⤵
-
\??\c:\fxxlfxl.exec:\fxxlfxl.exe82⤵
-
\??\c:\rxffxrl.exec:\rxffxrl.exe83⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe84⤵
-
\??\c:\thhbhh.exec:\thhbhh.exe85⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe86⤵
-
\??\c:\5jdpj.exec:\5jdpj.exe87⤵
-
\??\c:\fflfxxx.exec:\fflfxxx.exe88⤵
-
\??\c:\xfxrfxr.exec:\xfxrfxr.exe89⤵
-
\??\c:\htbthb.exec:\htbthb.exe90⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe91⤵
-
\??\c:\jppdp.exec:\jppdp.exe92⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe93⤵
-
\??\c:\xlrrfxr.exec:\xlrrfxr.exe94⤵
-
\??\c:\1ntnbb.exec:\1ntnbb.exe95⤵
-
\??\c:\bnbhnb.exec:\bnbhnb.exe96⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe97⤵
-
\??\c:\7frfrlx.exec:\7frfrlx.exe98⤵
-
\??\c:\3xxrxrl.exec:\3xxrxrl.exe99⤵
-
\??\c:\bnhtnn.exec:\bnhtnn.exe100⤵
-
\??\c:\1nhthb.exec:\1nhthb.exe101⤵
-
\??\c:\djvpj.exec:\djvpj.exe102⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe103⤵
-
\??\c:\5flfllx.exec:\5flfllx.exe104⤵
-
\??\c:\5fxlfrf.exec:\5fxlfrf.exe105⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe106⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe107⤵
-
\??\c:\pppdv.exec:\pppdv.exe108⤵
-
\??\c:\djdvj.exec:\djdvj.exe109⤵
-
\??\c:\lxrfxxl.exec:\lxrfxxl.exe110⤵
-
\??\c:\5bthbn.exec:\5bthbn.exe111⤵
-
\??\c:\tbbnbb.exec:\tbbnbb.exe112⤵
-
\??\c:\1vvjd.exec:\1vvjd.exe113⤵
-
\??\c:\5jdvd.exec:\5jdvd.exe114⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe115⤵
-
\??\c:\5ffrrlx.exec:\5ffrrlx.exe116⤵
-
\??\c:\7fxrlxr.exec:\7fxrlxr.exe117⤵
-
\??\c:\bttnbt.exec:\bttnbt.exe118⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe119⤵
-
\??\c:\vppjp.exec:\vppjp.exe120⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-