Analysis
-
max time kernel
115s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/08/2024, 04:44
General
-
Target
b251ce76f743ddb46f67a3170e1d97d0N.exe
-
Size
61KB
-
MD5
b251ce76f743ddb46f67a3170e1d97d0
-
SHA1
264a037acd641fd612c7e7e09c0c50e50a05ccb4
-
SHA256
6419c4a3e02b93443720fc09ec19483a534c64832a3cff5434a46b77496837dd
-
SHA512
264b6dca71043d05bff8ac41704b5d071e81883f73082901913bc237e137a4f752dc0de04ad8a5fa94821c690d12965ac0dc529c1f014e1d76982c9f5b514808
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKE0:ymb3NkkiQ3mdBjFII9ZvHKE0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b251ce76f743ddb46f67a3170e1d97d0N.exe"C:\Users\Admin\AppData\Local\Temp\b251ce76f743ddb46f67a3170e1d97d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjd.exec:\vddjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffxxr.exec:\xlffxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhh.exec:\btnhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhbb.exec:\ntnhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrffl.exec:\rxxrffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lllllf.exec:\3lllllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnnn.exec:\9btnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllffx.exec:\frllffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxffx.exec:\lflxffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhhbb.exec:\1hhhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdv.exec:\5jjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrxrx.exec:\7lrrxrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlffx.exec:\xrrlffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhbb.exec:\thhhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhtt.exec:\thhhtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtn.exec:\hbhbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpp.exec:\jpvpp.exe23⤵
- Executes dropped EXE
-
\??\c:\rlllxll.exec:\rlllxll.exe24⤵
- Executes dropped EXE
-
\??\c:\7lxrlff.exec:\7lxrlff.exe25⤵
- Executes dropped EXE
-
\??\c:\hnbhhn.exec:\hnbhhn.exe26⤵
- Executes dropped EXE
-
\??\c:\9jjpp.exec:\9jjpp.exe27⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxfrxxx.exec:\xxfrxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\1htthh.exec:\1htthh.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe31⤵
- Executes dropped EXE
-
\??\c:\5djdp.exec:\5djdp.exe32⤵
- Executes dropped EXE
-
\??\c:\rflffxf.exec:\rflffxf.exe33⤵
- Executes dropped EXE
-
\??\c:\tbtthh.exec:\tbtthh.exe34⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe37⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe38⤵
- Executes dropped EXE
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe39⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe40⤵
- Executes dropped EXE
-
\??\c:\3flfrrf.exec:\3flfrrf.exe41⤵
- Executes dropped EXE
-
\??\c:\bbtbbt.exec:\bbtbbt.exe42⤵
- Executes dropped EXE
-
\??\c:\3ttbbt.exec:\3ttbbt.exe43⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\1fflxrl.exec:\1fflxrl.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlxlfx.exec:\fxlxlfx.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe48⤵
- Executes dropped EXE
-
\??\c:\vjdvd.exec:\vjdvd.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxlxrl.exec:\lfxlxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe51⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe52⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe54⤵
- Executes dropped EXE
-
\??\c:\5rxrllr.exec:\5rxrllr.exe55⤵
- Executes dropped EXE
-
\??\c:\flrlxxl.exec:\flrlxxl.exe56⤵
- Executes dropped EXE
-
\??\c:\htthtn.exec:\htthtn.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe58⤵
- Executes dropped EXE
-
\??\c:\htnhhb.exec:\htnhhb.exe59⤵
- Executes dropped EXE
-
\??\c:\9jjdp.exec:\9jjdp.exe60⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe61⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\rlffrlx.exec:\rlffrlx.exe63⤵
- Executes dropped EXE
-
\??\c:\3frfrll.exec:\3frfrll.exe64⤵
- Executes dropped EXE
-
\??\c:\nnhhhb.exec:\nnhhhb.exe65⤵
- Executes dropped EXE
-
\??\c:\5hbthh.exec:\5hbthh.exe66⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe67⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe68⤵
-
\??\c:\9ffrllx.exec:\9ffrllx.exe69⤵
-
\??\c:\llfxlfr.exec:\llfxlfr.exe70⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe71⤵
-
\??\c:\hntthb.exec:\hntthb.exe72⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe73⤵
-
\??\c:\pppdv.exec:\pppdv.exe74⤵
-
\??\c:\5xfxxxf.exec:\5xfxxxf.exe75⤵
-
\??\c:\rffffff.exec:\rffffff.exe76⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe77⤵
-
\??\c:\nnhnhb.exec:\nnhnhb.exe78⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe79⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe80⤵
-
\??\c:\lrlxrlf.exec:\lrlxrlf.exe81⤵
-
\??\c:\xxxlfrx.exec:\xxxlfrx.exe82⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe83⤵
-
\??\c:\hbbtbt.exec:\hbbtbt.exe84⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe85⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe86⤵
-
\??\c:\fxrlxlf.exec:\fxrlxlf.exe87⤵
-
\??\c:\hhhthb.exec:\hhhthb.exe88⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe89⤵
-
\??\c:\xllrflf.exec:\xllrflf.exe90⤵
-
\??\c:\tbthbt.exec:\tbthbt.exe91⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe92⤵
-
\??\c:\dddpv.exec:\dddpv.exe93⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe94⤵
-
\??\c:\flrfrrl.exec:\flrfrrl.exe95⤵
-
\??\c:\hnhntt.exec:\hnhntt.exe96⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe97⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe98⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe99⤵
-
\??\c:\xxxrfrl.exec:\xxxrfrl.exe100⤵
-
\??\c:\hbtbtn.exec:\hbtbtn.exe101⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe102⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe103⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe104⤵
-
\??\c:\rxxxrxr.exec:\rxxxrxr.exe105⤵
-
\??\c:\lffrlrf.exec:\lffrlrf.exe106⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe107⤵
-
\??\c:\jddvv.exec:\jddvv.exe108⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe109⤵
-
\??\c:\rxxllfx.exec:\rxxllfx.exe110⤵
-
\??\c:\1xrfrlf.exec:\1xrfrlf.exe111⤵
-
\??\c:\3hhbtn.exec:\3hhbtn.exe112⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe113⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe114⤵
-
\??\c:\vppjd.exec:\vppjd.exe115⤵
-
\??\c:\xlxxllf.exec:\xlxxllf.exe116⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe117⤵
-
\??\c:\ththhb.exec:\ththhb.exe118⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe119⤵
-
\??\c:\vjddv.exec:\vjddv.exe120⤵
-
\??\c:\fllfllx.exec:\fllfllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-