Analysis
-
max time kernel
120s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/08/2024, 03:19
General
-
Target
b58fff930e892b84635f2a3054693a70N.exe
-
Size
261KB
-
MD5
b58fff930e892b84635f2a3054693a70
-
SHA1
6531e70cd467de9461d1362cf2bf764d80ab4ec7
-
SHA256
1a773e6696b1afe09189e023a3e5be75f303df90692ae6cbbee8c543c228ade7
-
SHA512
a0f08f1fde5a8cdd0791f99c2fe8a4bf1e7995eca0beb1f0d0095097565b3f62c0092761fa0bb38098151101fe5e2fc06e1b4c5e2e86da8e9781045ab0672dce
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0qF:n3C9ytvn8whkb4i3e3GF/F
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b58fff930e892b84635f2a3054693a70N.exe"C:\Users\Admin\AppData\Local\Temp\b58fff930e892b84635f2a3054693a70N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnbtn.exec:\3hnbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfxrf.exec:\lrxfxrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlff.exec:\lffxlff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhtn.exec:\nbhhtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhthh.exec:\1hhthh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdp.exec:\djpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrlff.exec:\xlrrlff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhnn.exec:\nbhhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllllfx.exec:\fllllfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbn.exec:\nhbnbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpj.exec:\5vvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnn.exec:\bbbtnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhtbt.exec:\3nhtbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhtnn.exec:\tbhtnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtn.exec:\tbhbtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xffxxl.exec:\3xffxxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxrfxx.exec:\1fxrfxx.exe23⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe24⤵
- Executes dropped EXE
-
\??\c:\7nhbnn.exec:\7nhbnn.exe25⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe26⤵
- Executes dropped EXE
-
\??\c:\1bhbbb.exec:\1bhbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe28⤵
- Executes dropped EXE
-
\??\c:\fffrlfx.exec:\fffrlfx.exe29⤵
- Executes dropped EXE
-
\??\c:\nnnnhb.exec:\nnnnhb.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhhbt.exec:\nbhhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\5nnhtt.exec:\5nnhtt.exe32⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe34⤵
- Executes dropped EXE
-
\??\c:\tnttnh.exec:\tnttnh.exe35⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe37⤵
- Executes dropped EXE
-
\??\c:\3flxfxf.exec:\3flxfxf.exe38⤵
- Executes dropped EXE
-
\??\c:\httnbb.exec:\httnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\bbnhbt.exec:\bbnhbt.exe40⤵
- Executes dropped EXE
-
\??\c:\7vpdv.exec:\7vpdv.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe42⤵
- Executes dropped EXE
-
\??\c:\5rrfxrl.exec:\5rrfxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\3tnhbt.exec:\3tnhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\bhnbbt.exec:\bhnbbt.exe45⤵
- Executes dropped EXE
-
\??\c:\1ppdj.exec:\1ppdj.exe46⤵
- Executes dropped EXE
-
\??\c:\xxrfxlf.exec:\xxrfxlf.exe47⤵
- Executes dropped EXE
-
\??\c:\rffrlfx.exec:\rffrlfx.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\3ttnhb.exec:\3ttnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\7ntnhn.exec:\7ntnhn.exe50⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe51⤵
- Executes dropped EXE
-
\??\c:\1jjpj.exec:\1jjpj.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrlrrl.exec:\rrrlrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\tbtttt.exec:\tbtttt.exe54⤵
- Executes dropped EXE
-
\??\c:\thtnnt.exec:\thtnnt.exe55⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe57⤵
- Executes dropped EXE
-
\??\c:\rlrfffr.exec:\rlrfffr.exe58⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe60⤵
- Executes dropped EXE
-
\??\c:\pvppp.exec:\pvppp.exe61⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe63⤵
- Executes dropped EXE
-
\??\c:\xfrxxxx.exec:\xfrxxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\9htbnt.exec:\9htbnt.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe66⤵
-
\??\c:\pvddd.exec:\pvddd.exe67⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe68⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe69⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe70⤵
-
\??\c:\djvpj.exec:\djvpj.exe71⤵
-
\??\c:\vjddv.exec:\vjddv.exe72⤵
-
\??\c:\flrlfll.exec:\flrlfll.exe73⤵
-
\??\c:\lrllflf.exec:\lrllflf.exe74⤵
-
\??\c:\hhhhnh.exec:\hhhhnh.exe75⤵
-
\??\c:\5bhbbb.exec:\5bhbbb.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjvvp.exec:\pjvvp.exe77⤵
-
\??\c:\9rflfrr.exec:\9rflfrr.exe78⤵
-
\??\c:\xffffll.exec:\xffffll.exe79⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe80⤵
-
\??\c:\1nnhbb.exec:\1nnhbb.exe81⤵
-
\??\c:\vddvd.exec:\vddvd.exe82⤵
-
\??\c:\rfrllll.exec:\rfrllll.exe83⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe84⤵
-
\??\c:\9nbtbb.exec:\9nbtbb.exe85⤵
-
\??\c:\vvddv.exec:\vvddv.exe86⤵
-
\??\c:\pddvj.exec:\pddvj.exe87⤵
-
\??\c:\lxllrlx.exec:\lxllrlx.exe88⤵
-
\??\c:\ttbtnh.exec:\ttbtnh.exe89⤵
-
\??\c:\vpddv.exec:\vpddv.exe90⤵
-
\??\c:\vddvv.exec:\vddvv.exe91⤵
-
\??\c:\fxxllfx.exec:\fxxllfx.exe92⤵
-
\??\c:\1nthhh.exec:\1nthhh.exe93⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe94⤵
-
\??\c:\7jjvj.exec:\7jjvj.exe95⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe96⤵
-
\??\c:\5hhhbb.exec:\5hhhbb.exe97⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe98⤵
-
\??\c:\dvddv.exec:\dvddv.exe99⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe100⤵
-
\??\c:\rxffxff.exec:\rxffxff.exe101⤵
-
\??\c:\nnnbtt.exec:\nnnbtt.exe102⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe103⤵
-
\??\c:\ddddd.exec:\ddddd.exe104⤵
-
\??\c:\llrllff.exec:\llrllff.exe105⤵
-
\??\c:\xfllrff.exec:\xfllrff.exe106⤵
-
\??\c:\3bbtnt.exec:\3bbtnt.exe107⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe108⤵
-
\??\c:\ddppv.exec:\ddppv.exe109⤵
-
\??\c:\7frlfff.exec:\7frlfff.exe110⤵
-
\??\c:\9fflffr.exec:\9fflffr.exe111⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe112⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe113⤵
-
\??\c:\tthntt.exec:\tthntt.exe114⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe115⤵
-
\??\c:\pjddj.exec:\pjddj.exe116⤵
-
\??\c:\llrrxlr.exec:\llrrxlr.exe117⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe118⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe119⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe120⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-