Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
22-08-2024 08:05
General
-
Target
052f1eea85c007c3f129a809eb0dcab0N.exe
-
Size
60KB
-
MD5
052f1eea85c007c3f129a809eb0dcab0
-
SHA1
265564970d8779b66e1c8ee0c3e5ac1065c16823
-
SHA256
271abccc17419155d43b8111b7125dedc0b45d03f12fb8acc2a35511df9682a6
-
SHA512
cf84aa1ee3b46089cf9b7406e76115a666f74d40117e0ec915279d9f5273d62f991401a3f627686283c86b08d6104b8b1c4bb264b07f37224103014562e6fa84
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsP34i43:ymb3NkkiQ3mdBjFIsP/43
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\052f1eea85c007c3f129a809eb0dcab0N.exe"C:\Users\Admin\AppData\Local\Temp\052f1eea85c007c3f129a809eb0dcab0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvd.exec:\pjjvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrffx.exec:\fflrffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnht.exec:\hbtnht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdj.exec:\dvpdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxrfl.exec:\rrrxrfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhht.exec:\nhbhht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjd.exec:\vpdjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrxff.exec:\rlrrxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxlf.exec:\rlxrxlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtb.exec:\bnnhtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpd.exec:\vpjpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxfr.exec:\fxffxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbh.exec:\nbtnbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bthtt.exec:\7bthtt.exe17⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe18⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe19⤵
- Executes dropped EXE
-
\??\c:\5rlffrf.exec:\5rlffrf.exe20⤵
- Executes dropped EXE
-
\??\c:\bhbnbh.exec:\bhbnbh.exe21⤵
- Executes dropped EXE
-
\??\c:\tttbbn.exec:\tttbbn.exe22⤵
- Executes dropped EXE
-
\??\c:\btnbtt.exec:\btnbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxlrfl.exec:\rlxlrfl.exe25⤵
- Executes dropped EXE
-
\??\c:\llrflxr.exec:\llrflxr.exe26⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe27⤵
- Executes dropped EXE
-
\??\c:\5tbhnt.exec:\5tbhnt.exe28⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe29⤵
- Executes dropped EXE
-
\??\c:\7fxrxrx.exec:\7fxrxrx.exe30⤵
- Executes dropped EXE
-
\??\c:\rrrlxrx.exec:\rrrlxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\bbnbhb.exec:\bbnbhb.exe32⤵
- Executes dropped EXE
-
\??\c:\5tthnt.exec:\5tthnt.exe33⤵
- Executes dropped EXE
-
\??\c:\pppvd.exec:\pppvd.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe35⤵
- Executes dropped EXE
-
\??\c:\llfrrxr.exec:\llfrrxr.exe36⤵
- Executes dropped EXE
-
\??\c:\lllxllf.exec:\lllxllf.exe37⤵
- Executes dropped EXE
-
\??\c:\bhnttb.exec:\bhnttb.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe39⤵
- Executes dropped EXE
-
\??\c:\7vdpd.exec:\7vdpd.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe41⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe42⤵
- Executes dropped EXE
-
\??\c:\rlfflrf.exec:\rlfflrf.exe43⤵
- Executes dropped EXE
-
\??\c:\lxlxrfl.exec:\lxlxrfl.exe44⤵
- Executes dropped EXE
-
\??\c:\nnhttn.exec:\nnhttn.exe45⤵
- Executes dropped EXE
-
\??\c:\hthhtb.exec:\hthhtb.exe46⤵
- Executes dropped EXE
-
\??\c:\hbtnbh.exec:\hbtnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe48⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe49⤵
- Executes dropped EXE
-
\??\c:\llflxrf.exec:\llflxrf.exe50⤵
- Executes dropped EXE
-
\??\c:\lrffflf.exec:\lrffflf.exe51⤵
- Executes dropped EXE
-
\??\c:\7xxxlrx.exec:\7xxxlrx.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhbtb.exec:\hhhbtb.exe53⤵
- Executes dropped EXE
-
\??\c:\7tnhbh.exec:\7tnhbh.exe54⤵
- Executes dropped EXE
-
\??\c:\1vvjj.exec:\1vvjj.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\xlxxllr.exec:\xlxxllr.exe57⤵
- Executes dropped EXE
-
\??\c:\xllfrfr.exec:\xllfrfr.exe58⤵
- Executes dropped EXE
-
\??\c:\hhthnt.exec:\hhthnt.exe59⤵
- Executes dropped EXE
-
\??\c:\nttnth.exec:\nttnth.exe60⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe61⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe62⤵
- Executes dropped EXE
-
\??\c:\llfllrf.exec:\llfllrf.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrrfrf.exec:\lfrrfrf.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbnbn.exec:\tnbnbn.exe65⤵
- Executes dropped EXE
-
\??\c:\7htnnb.exec:\7htnnb.exe66⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe67⤵
-
\??\c:\5vpvj.exec:\5vpvj.exe68⤵
-
\??\c:\3fxllrr.exec:\3fxllrr.exe69⤵
-
\??\c:\fllrlrf.exec:\fllrlrf.exe70⤵
-
\??\c:\tbbbhb.exec:\tbbbhb.exe71⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe72⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe73⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe74⤵
-
\??\c:\xrrlrxl.exec:\xrrlrxl.exe75⤵
-
\??\c:\rrxrxfl.exec:\rrxrxfl.exe76⤵
-
\??\c:\bbhbhn.exec:\bbhbhn.exe77⤵
-
\??\c:\ttbhbh.exec:\ttbhbh.exe78⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe79⤵
-
\??\c:\3vjpj.exec:\3vjpj.exe80⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe81⤵
-
\??\c:\xxlfxfr.exec:\xxlfxfr.exe82⤵
-
\??\c:\tntntb.exec:\tntntb.exe83⤵
-
\??\c:\bbtbhn.exec:\bbtbhn.exe84⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe85⤵
-
\??\c:\djppv.exec:\djppv.exe86⤵
-
\??\c:\xxrrrlr.exec:\xxrrrlr.exe87⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe88⤵
-
\??\c:\bththt.exec:\bththt.exe89⤵
-
\??\c:\ppppv.exec:\ppppv.exe90⤵
-
\??\c:\9vpdj.exec:\9vpdj.exe91⤵
-
\??\c:\llfrxxl.exec:\llfrxxl.exe92⤵
-
\??\c:\3lxxffr.exec:\3lxxffr.exe93⤵
-
\??\c:\btntnt.exec:\btntnt.exe94⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe95⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe96⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe97⤵
-
\??\c:\ffflfrx.exec:\ffflfrx.exe98⤵
-
\??\c:\rrxxffr.exec:\rrxxffr.exe99⤵
-
\??\c:\bbbtbn.exec:\bbbtbn.exe100⤵
-
\??\c:\tthhnb.exec:\tthhnb.exe101⤵
-
\??\c:\pppjd.exec:\pppjd.exe102⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe103⤵
-
\??\c:\lxlrrrf.exec:\lxlrrrf.exe104⤵
-
\??\c:\9xrlfrx.exec:\9xrlfrx.exe105⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe106⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe107⤵
-
\??\c:\dppdv.exec:\dppdv.exe108⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe109⤵
-
\??\c:\llxxrxr.exec:\llxxrxr.exe110⤵
-
\??\c:\rflxflf.exec:\rflxflf.exe111⤵
-
\??\c:\btbntt.exec:\btbntt.exe112⤵
-
\??\c:\hntbhh.exec:\hntbhh.exe113⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe114⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe115⤵
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe116⤵
-
\??\c:\lflfrlf.exec:\lflfrlf.exe117⤵
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe118⤵
-
\??\c:\7tnbnb.exec:\7tnbnb.exe119⤵
-
\??\c:\vppdj.exec:\vppdj.exe120⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-