Analysis
-
max time kernel
120s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
24-08-2024 04:19
General
-
Target
19d0c65482ad77c6385914b10c736e40N.exe
-
Size
92KB
-
MD5
19d0c65482ad77c6385914b10c736e40
-
SHA1
c2e2acca004dc77bc83a2d304255f57ac706ba17
-
SHA256
56910911ada561beacb746c62f51ad8e5e8df7b933b33395b4daeef6c2a1aa8a
-
SHA512
39ba708b0e5a2099480bc06c16403cf12b075efaf33ddd6437db8180430f9367e0f3143278466977f39c0b8b5eb7a88219b2f11c4a3d1af1bc1b09048cb7dca3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIS7/b9EUeWpEC3alBlwtn8BLn9q:ymb3NkkiQ3mdBjFIi/REUZnKlb94h
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\19d0c65482ad77c6385914b10c736e40N.exe"C:\Users\Admin\AppData\Local\Temp\19d0c65482ad77c6385914b10c736e40N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhth.exec:\tnnhth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddv.exec:\djddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrflfl.exec:\5lrflfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxffxr.exec:\xxxffxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhh.exec:\bnnnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrlffx.exec:\5xrlffx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpd.exec:\dvvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrlrl.exec:\3rxrlrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxfxl.exec:\rrxxfxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbthh.exec:\ntbthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrfxx.exec:\xlxrfxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlxrlr.exec:\1rlxrlr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnh.exec:\httnnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrxr.exec:\xllfrxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxllx.exec:\fflxllx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttt.exec:\tntttt.exe23⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe24⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\bbtnnn.exec:\bbtnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\3bhhbb.exec:\3bhhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\rlllfll.exec:\rlllfll.exe28⤵
- Executes dropped EXE
-
\??\c:\5tnhbb.exec:\5tnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\nnnhth.exec:\nnnhth.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe31⤵
- Executes dropped EXE
-
\??\c:\9xrlxrl.exec:\9xrlxrl.exe32⤵
- Executes dropped EXE
-
\??\c:\xxlllxx.exec:\xxlllxx.exe33⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\9dvpj.exec:\9dvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\rrrlrrr.exec:\rrrlrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhnhh.exec:\tnhnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe40⤵
- Executes dropped EXE
-
\??\c:\7vdvd.exec:\7vdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\xlxrrll.exec:\xlxrrll.exe42⤵
- Executes dropped EXE
-
\??\c:\hnhtnh.exec:\hnhtnh.exe43⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\7vdvv.exec:\7vdvv.exe45⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe46⤵
- Executes dropped EXE
-
\??\c:\fxxrffr.exec:\fxxrffr.exe47⤵
- Executes dropped EXE
-
\??\c:\xxlflll.exec:\xxlflll.exe48⤵
- Executes dropped EXE
-
\??\c:\7ntthh.exec:\7ntthh.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe51⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\3rxlxrl.exec:\3rxlxrl.exe53⤵
- Executes dropped EXE
-
\??\c:\9rxrxrx.exec:\9rxrxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\bnthbt.exec:\bnthbt.exe55⤵
- Executes dropped EXE
-
\??\c:\tnthtt.exec:\tnthtt.exe56⤵
- Executes dropped EXE
-
\??\c:\5jdpj.exec:\5jdpj.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxfxff.exec:\fxxfxff.exe58⤵
- Executes dropped EXE
-
\??\c:\ththnb.exec:\ththnb.exe59⤵
- Executes dropped EXE
-
\??\c:\thtbnh.exec:\thtbnh.exe60⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe61⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe62⤵
- Executes dropped EXE
-
\??\c:\fflfffx.exec:\fflfffx.exe63⤵
- Executes dropped EXE
-
\??\c:\tbtnhh.exec:\tbtnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\7vdpj.exec:\7vdpj.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe66⤵
-
\??\c:\5rrfrrf.exec:\5rrfrrf.exe67⤵
-
\??\c:\nbhbth.exec:\nbhbth.exe68⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe69⤵
-
\??\c:\9vpdv.exec:\9vpdv.exe70⤵
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe71⤵
-
\??\c:\lfllfxr.exec:\lfllfxr.exe72⤵
-
\??\c:\bhtnhn.exec:\bhtnhn.exe73⤵
-
\??\c:\vddjv.exec:\vddjv.exe74⤵
-
\??\c:\jddjv.exec:\jddjv.exe75⤵
-
\??\c:\rrxrxrl.exec:\rrxrxrl.exe76⤵
-
\??\c:\ffllrlr.exec:\ffllrlr.exe77⤵
-
\??\c:\bhnbnb.exec:\bhnbnb.exe78⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe79⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe80⤵
-
\??\c:\7vvvj.exec:\7vvvj.exe81⤵
-
\??\c:\btttnn.exec:\btttnn.exe82⤵
-
\??\c:\3bbttn.exec:\3bbttn.exe83⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe84⤵
-
\??\c:\pppjj.exec:\pppjj.exe85⤵
-
\??\c:\fxfrxlr.exec:\fxfrxlr.exe86⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe87⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe88⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe89⤵
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe90⤵
-
\??\c:\7xfxfff.exec:\7xfxfff.exe91⤵
-
\??\c:\hhnbnh.exec:\hhnbnh.exe92⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe93⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe94⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe95⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe96⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe97⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe98⤵
-
\??\c:\nbnhnt.exec:\nbnhnt.exe99⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe100⤵
-
\??\c:\jppjv.exec:\jppjv.exe101⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe102⤵
-
\??\c:\5xfxrlf.exec:\5xfxrlf.exe103⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe104⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe105⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe106⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe107⤵
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe108⤵
-
\??\c:\ffrxlxr.exec:\ffrxlxr.exe109⤵
-
\??\c:\bbbnhh.exec:\bbbnhh.exe110⤵
-
\??\c:\bbnbhb.exec:\bbnbhb.exe111⤵
-
\??\c:\9dddv.exec:\9dddv.exe112⤵
-
\??\c:\9xfxlfx.exec:\9xfxlfx.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rlxlllr.exec:\rlxlllr.exe114⤵
-
\??\c:\5tbbhb.exec:\5tbbhb.exe115⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe116⤵
-
\??\c:\9flfxxx.exec:\9flfxxx.exe117⤵
-
\??\c:\xrfrlfl.exec:\xrfrlfl.exe118⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe119⤵
-
\??\c:\nhhtnh.exec:\nhhtnh.exe120⤵
-
\??\c:\5djdp.exec:\5djdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-