Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
25-08-2024 11:04
General
-
Target
0fd8c69187cc7095f286c7423339c040N.exe
-
Size
67KB
-
MD5
0fd8c69187cc7095f286c7423339c040
-
SHA1
8478b9b7edf5d3187bd6d49cb1a143c81c863fb8
-
SHA256
3950c9f3a1a1323881693cc7219c987477cc53858c1ded958ceae81585c0bb90
-
SHA512
edfa1ed87e042316fb8bce89d9b79faedea5335d54b8baa16e84df53065a5c81a29e742dab9b0458c99e44bcc59fb3c1056ceedc4046447b973f3671b609e48f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcu:ymb3NkkiQ3mdBjFIsIVcu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0fd8c69187cc7095f286c7423339c040N.exe"C:\Users\Admin\AppData\Local\Temp\0fd8c69187cc7095f286c7423339c040N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttbt.exec:\nbttbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvd.exec:\pjjvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffllr.exec:\3lffllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbt.exec:\bttnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrllx.exec:\xrxrllx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntth.exec:\btntth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxfffx.exec:\9lxfffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtbn.exec:\bbbtbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntt.exec:\tnhntt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxfff.exec:\rfrxfff.exe17⤵
- Executes dropped EXE
-
\??\c:\thntbh.exec:\thntbh.exe18⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe19⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe20⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe21⤵
- Executes dropped EXE
-
\??\c:\rxfxxrl.exec:\rxfxxrl.exe22⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\ttnbht.exec:\ttnbht.exe24⤵
- Executes dropped EXE
-
\??\c:\3jjpp.exec:\3jjpp.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe26⤵
- Executes dropped EXE
-
\??\c:\rxllfrr.exec:\rxllfrr.exe27⤵
- Executes dropped EXE
-
\??\c:\5hnhth.exec:\5hnhth.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe29⤵
- Executes dropped EXE
-
\??\c:\lxlrxrx.exec:\lxlrxrx.exe30⤵
- Executes dropped EXE
-
\??\c:\fxflxxr.exec:\fxflxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\7bhhnt.exec:\7bhhnt.exe32⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe33⤵
- Executes dropped EXE
-
\??\c:\3lxflfr.exec:\3lxflfr.exe34⤵
- Executes dropped EXE
-
\??\c:\fllrfrl.exec:\fllrfrl.exe35⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe36⤵
- Executes dropped EXE
-
\??\c:\tnhhtn.exec:\tnhhtn.exe37⤵
- Executes dropped EXE
-
\??\c:\3dvdd.exec:\3dvdd.exe38⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\rlfrfrf.exec:\rlfrfrf.exe40⤵
- Executes dropped EXE
-
\??\c:\rlrrlfl.exec:\rlrrlfl.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhtnt.exec:\nnhtnt.exe42⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe43⤵
- Executes dropped EXE
-
\??\c:\jvvdj.exec:\jvvdj.exe44⤵
- Executes dropped EXE
-
\??\c:\rfrxlxf.exec:\rfrxlxf.exe45⤵
- Executes dropped EXE
-
\??\c:\lflrffr.exec:\lflrffr.exe46⤵
- Executes dropped EXE
-
\??\c:\9nbhbn.exec:\9nbhbn.exe47⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe48⤵
- Executes dropped EXE
-
\??\c:\3jjjj.exec:\3jjjj.exe49⤵
- Executes dropped EXE
-
\??\c:\xlfflfr.exec:\xlfflfr.exe50⤵
- Executes dropped EXE
-
\??\c:\bbttbt.exec:\bbttbt.exe51⤵
- Executes dropped EXE
-
\??\c:\1ntbbb.exec:\1ntbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe53⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe54⤵
- Executes dropped EXE
-
\??\c:\frlllrx.exec:\frlllrx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxflrxr.exec:\fxflrxr.exe56⤵
- Executes dropped EXE
-
\??\c:\9tbbnn.exec:\9tbbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\nbnttb.exec:\nbnttb.exe58⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\xxxfxff.exec:\xxxfxff.exe61⤵
- Executes dropped EXE
-
\??\c:\1hnhhb.exec:\1hnhhb.exe62⤵
- Executes dropped EXE
-
\??\c:\3bttbh.exec:\3bttbh.exe63⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe64⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe65⤵
- Executes dropped EXE
-
\??\c:\frrffxl.exec:\frrffxl.exe66⤵
-
\??\c:\ffxllll.exec:\ffxllll.exe67⤵
-
\??\c:\1fxxxxf.exec:\1fxxxxf.exe68⤵
-
\??\c:\hnbhbn.exec:\hnbhbn.exe69⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe70⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe71⤵
-
\??\c:\vpddj.exec:\vpddj.exe72⤵
-
\??\c:\frxrrrx.exec:\frxrrrx.exe73⤵
-
\??\c:\xrrflxf.exec:\xrrflxf.exe74⤵
-
\??\c:\9nnthb.exec:\9nnthb.exe75⤵
-
\??\c:\btttbb.exec:\btttbb.exe76⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe77⤵
-
\??\c:\7xfxxxf.exec:\7xfxxxf.exe78⤵
-
\??\c:\rxxlxfr.exec:\rxxlxfr.exe79⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe80⤵
-
\??\c:\tntntb.exec:\tntntb.exe81⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe82⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe83⤵
-
\??\c:\xrrlxlr.exec:\xrrlxlr.exe84⤵
-
\??\c:\5lrllfr.exec:\5lrllfr.exe85⤵
-
\??\c:\lxflrrr.exec:\lxflrrr.exe86⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe87⤵
-
\??\c:\bntttn.exec:\bntttn.exe88⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe89⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe90⤵
-
\??\c:\lxllffl.exec:\lxllffl.exe91⤵
-
\??\c:\nbhhnt.exec:\nbhhnt.exe92⤵
-
\??\c:\7htbbb.exec:\7htbbb.exe93⤵
-
\??\c:\bnhhhb.exec:\bnhhhb.exe94⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe95⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe96⤵
-
\??\c:\rfrllfl.exec:\rfrllfl.exe97⤵
-
\??\c:\fflfxfl.exec:\fflfxfl.exe98⤵
-
\??\c:\9ttttt.exec:\9ttttt.exe99⤵
-
\??\c:\nbnthn.exec:\nbnthn.exe100⤵
-
\??\c:\dpppv.exec:\dpppv.exe101⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe102⤵
-
\??\c:\frfxlfl.exec:\frfxlfl.exe103⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe104⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe105⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe106⤵
-
\??\c:\3dpvp.exec:\3dpvp.exe107⤵
-
\??\c:\flxfrrx.exec:\flxfrrx.exe108⤵
-
\??\c:\lxfflff.exec:\lxfflff.exe109⤵
-
\??\c:\bntntt.exec:\bntntt.exe110⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe111⤵
-
\??\c:\1pjvd.exec:\1pjvd.exe112⤵
-
\??\c:\dvppp.exec:\dvppp.exe113⤵
-
\??\c:\7xfxxfr.exec:\7xfxxfr.exe114⤵
-
\??\c:\xfrllff.exec:\xfrllff.exe115⤵
-
\??\c:\nbbntb.exec:\nbbntb.exe116⤵
-
\??\c:\bnbbnh.exec:\bnbbnh.exe117⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe118⤵
-
\??\c:\3djvp.exec:\3djvp.exe119⤵
-
\??\c:\lrrrllx.exec:\lrrrllx.exe120⤵
-
\??\c:\rlxrfxf.exec:\rlxrfxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-