Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
24/08/2024, 21:08
General
-
Target
f2e5b9f12497d50407f5581dc4e9d4e0N.exe
-
Size
86KB
-
MD5
f2e5b9f12497d50407f5581dc4e9d4e0
-
SHA1
51013be31cfdc31724009052c1f85caf69d8bb05
-
SHA256
5e95509de25fbbfc03d6a9606bbc9abe5c3fb1c4990b8e2881118de2e9ef5534
-
SHA512
9e4c83527421c19365ba774d8e92a81899d7ead9024dee5469146e6b7e158fe0d1893062179734cb7c6c7b4f542861f4cebc7c5108ea465d15445275f28634af
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufT7Y:ymb3NkkiQ3mdBjFodt27HobvcyLuf4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2e5b9f12497d50407f5581dc4e9d4e0N.exe"C:\Users\Admin\AppData\Local\Temp\f2e5b9f12497d50407f5581dc4e9d4e0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxx.exec:\lflfxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvv.exec:\jdjvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxxl.exec:\xxrlxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbn.exec:\nnttbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvp.exec:\jvvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrrxr.exec:\rllrrxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhhh.exec:\9tnhhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvv.exec:\5ddvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdd.exec:\jjjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xffrrx.exec:\7xffrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhh.exec:\btbbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxrrl.exec:\7rxxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtbh.exec:\nhbtbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btnbb.exec:\7btnbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxlrr.exec:\llfxlrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnhh.exec:\bbnnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhbtb.exec:\9bhbtb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxlrl.exec:\xxxxlrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhh.exec:\hhtnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\1jjdv.exec:\1jjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe25⤵
- Executes dropped EXE
-
\??\c:\thnnbh.exec:\thnnbh.exe26⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\llxrlll.exec:\llxrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\9rxrllf.exec:\9rxrllf.exe29⤵
- Executes dropped EXE
-
\??\c:\bnbbhb.exec:\bnbbhb.exe30⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe32⤵
- Executes dropped EXE
-
\??\c:\lflfrrr.exec:\lflfrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe35⤵
- Executes dropped EXE
-
\??\c:\3pjjd.exec:\3pjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\3xxrrrf.exec:\3xxrrrf.exe37⤵
- Executes dropped EXE
-
\??\c:\5rffllx.exec:\5rffllx.exe38⤵
- Executes dropped EXE
-
\??\c:\7lxfflf.exec:\7lxfflf.exe39⤵
- Executes dropped EXE
-
\??\c:\hhhhhh.exec:\hhhhhh.exe40⤵
- Executes dropped EXE
-
\??\c:\7htnhh.exec:\7htnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe43⤵
- Executes dropped EXE
-
\??\c:\lrrlfff.exec:\lrrlfff.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe47⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe48⤵
- Executes dropped EXE
-
\??\c:\1lfrlxr.exec:\1lfrlxr.exe49⤵
- Executes dropped EXE
-
\??\c:\llffxrr.exec:\llffxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tbtnbb.exec:\tbtnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\3vpjd.exec:\3vpjd.exe53⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\5rrlxfx.exec:\5rrlxfx.exe55⤵
- Executes dropped EXE
-
\??\c:\5bhbbb.exec:\5bhbbb.exe56⤵
- Executes dropped EXE
-
\??\c:\7tnhbt.exec:\7tnhbt.exe57⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\3fxrffx.exec:\3fxrffx.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrxfxf.exec:\rlrxfxf.exe60⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe61⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\lfffxxr.exec:\lfffxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\xlllxrx.exec:\xlllxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\9hbbtn.exec:\9hbbtn.exe66⤵
-
\??\c:\hbnhbt.exec:\hbnhbt.exe67⤵
-
\??\c:\7vvpp.exec:\7vvpp.exe68⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe69⤵
-
\??\c:\frxrrlr.exec:\frxrrlr.exe70⤵
-
\??\c:\9nhbnn.exec:\9nhbnn.exe71⤵
-
\??\c:\tbhthh.exec:\tbhthh.exe72⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe73⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe74⤵
-
\??\c:\ffllfxx.exec:\ffllfxx.exe75⤵
-
\??\c:\7rxrlfx.exec:\7rxrlfx.exe76⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe77⤵
-
\??\c:\dddvj.exec:\dddvj.exe78⤵
-
\??\c:\rxlxrlx.exec:\rxlxrlx.exe79⤵
-
\??\c:\rllffxx.exec:\rllffxx.exe80⤵
-
\??\c:\hnnnhb.exec:\hnnnhb.exe81⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe82⤵
-
\??\c:\vppjp.exec:\vppjp.exe83⤵
-
\??\c:\xfxflrr.exec:\xfxflrr.exe84⤵
-
\??\c:\5fxxfff.exec:\5fxxfff.exe85⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe86⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe87⤵
-
\??\c:\9ddpd.exec:\9ddpd.exe88⤵
-
\??\c:\frxxlll.exec:\frxxlll.exe89⤵
-
\??\c:\lfrrffx.exec:\lfrrffx.exe90⤵
-
\??\c:\bthtnn.exec:\bthtnn.exe91⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe92⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe93⤵
-
\??\c:\5llfrrl.exec:\5llfrrl.exe94⤵
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe95⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe96⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe97⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe98⤵
-
\??\c:\1xfxrrl.exec:\1xfxrrl.exe99⤵
-
\??\c:\bttttn.exec:\bttttn.exe100⤵
-
\??\c:\hbhthh.exec:\hbhthh.exe101⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe102⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvjdd.exec:\dvjdd.exe103⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe104⤵
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe105⤵
-
\??\c:\lffxxrx.exec:\lffxxrx.exe106⤵
-
\??\c:\nhbbnn.exec:\nhbbnn.exe107⤵
-
\??\c:\hhnhhb.exec:\hhnhhb.exe108⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe109⤵
-
\??\c:\9djdp.exec:\9djdp.exe110⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe111⤵
-
\??\c:\7rxlrrf.exec:\7rxlrrf.exe112⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe113⤵
-
\??\c:\3tnhbb.exec:\3tnhbb.exe114⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe115⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe116⤵
-
\??\c:\fxfrxrx.exec:\fxfrxrx.exe117⤵
-
\??\c:\9frrrrr.exec:\9frrrrr.exe118⤵
-
\??\c:\1bnbtt.exec:\1bnbtt.exe119⤵
-
\??\c:\1hbbnh.exec:\1hbbnh.exe120⤵
-
\??\c:\vddvj.exec:\vddvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-