Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
24/08/2024, 22:33
General
-
Target
50ffc3998883d6c4668bf61dbf4ba69a9600947df991802d3f153ac8ba922b40.exe
-
Size
139KB
-
MD5
266e571a09d1db9343beb83ef4c52f32
-
SHA1
dd99b22640cee5d33fc25c1785dbe0fd333ce0eb
-
SHA256
50ffc3998883d6c4668bf61dbf4ba69a9600947df991802d3f153ac8ba922b40
-
SHA512
353d865a149096a7503a413b2d55685b2d5b0dfbb6e5ebda176f62349d81f12a16e4a8a057050936447bf382b3d96f086ac36f51878ffee1c7ada562ced8dd27
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGoH/LE:n3C9BRW0j/1px+dGkQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\50ffc3998883d6c4668bf61dbf4ba69a9600947df991802d3f153ac8ba922b40.exe"C:\Users\Admin\AppData\Local\Temp\50ffc3998883d6c4668bf61dbf4ba69a9600947df991802d3f153ac8ba922b40.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffllr.exec:\xrffllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnt.exec:\tnnnnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhnhh.exec:\7hhnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxlx.exec:\xxllxlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnbn.exec:\hhnnbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdj.exec:\pvpdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffflr.exec:\rlffflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fflrfl.exec:\1fflrfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtt.exec:\tnhhtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbn.exec:\tthnbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjv.exec:\5ppjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxllx.exec:\lfrxllx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllffl.exec:\llllffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnnth.exec:\5bnnth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe17⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe18⤵
- Executes dropped EXE
-
\??\c:\fxfrllx.exec:\fxfrllx.exe19⤵
- Executes dropped EXE
-
\??\c:\nhthth.exec:\nhthth.exe20⤵
- Executes dropped EXE
-
\??\c:\5jddd.exec:\5jddd.exe21⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe22⤵
- Executes dropped EXE
-
\??\c:\llxflrx.exec:\llxflrx.exe23⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\ttbbhh.exec:\ttbbhh.exe25⤵
- Executes dropped EXE
-
\??\c:\pddpv.exec:\pddpv.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe27⤵
- Executes dropped EXE
-
\??\c:\5lflrrx.exec:\5lflrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe30⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe31⤵
- Executes dropped EXE
-
\??\c:\rxllfxr.exec:\rxllfxr.exe32⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\7btbhh.exec:\7btbhh.exe34⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe35⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe37⤵
- Executes dropped EXE
-
\??\c:\1frxxfr.exec:\1frxxfr.exe38⤵
- Executes dropped EXE
-
\??\c:\xrfrfrf.exec:\xrfrfrf.exe39⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\hbttnh.exec:\hbttnh.exe41⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe42⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxxlll.exec:\xrxxlll.exe44⤵
- Executes dropped EXE
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe45⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe46⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\9vddd.exec:\9vddd.exe49⤵
- Executes dropped EXE
-
\??\c:\1vddp.exec:\1vddp.exe50⤵
- Executes dropped EXE
-
\??\c:\xlrfflf.exec:\xlrfflf.exe51⤵
- Executes dropped EXE
-
\??\c:\1xrxffl.exec:\1xrxffl.exe52⤵
- Executes dropped EXE
-
\??\c:\9hbntt.exec:\9hbntt.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nhbbtt.exec:\nhbbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe55⤵
- Executes dropped EXE
-
\??\c:\1rfxllr.exec:\1rfxllr.exe56⤵
- Executes dropped EXE
-
\??\c:\nbnbnb.exec:\nbnbnb.exe57⤵
- Executes dropped EXE
-
\??\c:\7btbbh.exec:\7btbbh.exe58⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe59⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe60⤵
- Executes dropped EXE
-
\??\c:\ffrfxfr.exec:\ffrfxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\lflxlxf.exec:\lflxlxf.exe62⤵
- Executes dropped EXE
-
\??\c:\7bthbn.exec:\7bthbn.exe63⤵
- Executes dropped EXE
-
\??\c:\7hhthh.exec:\7hhthh.exe64⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe65⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe66⤵
-
\??\c:\9frlrrf.exec:\9frlrrf.exe67⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe68⤵
-
\??\c:\ntntnb.exec:\ntntnb.exe69⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe70⤵
-
\??\c:\pppdj.exec:\pppdj.exe71⤵
-
\??\c:\5lxxfll.exec:\5lxxfll.exe72⤵
-
\??\c:\xxxfxfr.exec:\xxxfxfr.exe73⤵
-
\??\c:\btbhbh.exec:\btbhbh.exe74⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe75⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe76⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe77⤵
-
\??\c:\rlxfffr.exec:\rlxfffr.exe78⤵
-
\??\c:\xllrfrl.exec:\xllrfrl.exe79⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe80⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe81⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe82⤵
-
\??\c:\llxfrfr.exec:\llxfrfr.exe83⤵
-
\??\c:\lfxlxlr.exec:\lfxlxlr.exe84⤵
-
\??\c:\nnhtth.exec:\nnhtth.exe85⤵
-
\??\c:\nhntnt.exec:\nhntnt.exe86⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe87⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe88⤵
-
\??\c:\llrfxxl.exec:\llrfxxl.exe89⤵
-
\??\c:\7httnn.exec:\7httnn.exe90⤵
-
\??\c:\5nhtbn.exec:\5nhtbn.exe91⤵
-
\??\c:\9xlxfrf.exec:\9xlxfrf.exe92⤵
-
\??\c:\7xrxxfr.exec:\7xrxxfr.exe93⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe94⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe95⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe96⤵
-
\??\c:\1rfrflx.exec:\1rfrflx.exe97⤵
-
\??\c:\frxflrx.exec:\frxflrx.exe98⤵
-
\??\c:\nhhhtb.exec:\nhhhtb.exe99⤵
-
\??\c:\thbbhb.exec:\thbbhb.exe100⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe101⤵
-
\??\c:\jvddd.exec:\jvddd.exe102⤵
-
\??\c:\xxrrxxf.exec:\xxrrxxf.exe103⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe104⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe105⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe106⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe107⤵
-
\??\c:\rflllxf.exec:\rflllxf.exe108⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe109⤵
-
\??\c:\5bbhhn.exec:\5bbhhn.exe110⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe111⤵
-
\??\c:\3fflllr.exec:\3fflllr.exe112⤵
-
\??\c:\7rrflrx.exec:\7rrflrx.exe113⤵
-
\??\c:\hbnnbh.exec:\hbnnbh.exe114⤵
-
\??\c:\5hhntb.exec:\5hhntb.exe115⤵
-
\??\c:\3dppd.exec:\3dppd.exe116⤵
-
\??\c:\lfrflfx.exec:\lfrflfx.exe117⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe118⤵
-
\??\c:\3tnthh.exec:\3tnthh.exe119⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe120⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-