Analysis
-
max time kernel
115s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
25-08-2024 19:18
General
-
Target
192a878f4c5354a6e99045e71380f8b632f63df32f5973a5b198ad7c3ecfa95f.exe
-
Size
56KB
-
MD5
2b61bddc27abfd9f5f94e0187881f47f
-
SHA1
188e85435737d7f91ac3357e591b5281d6d40b13
-
SHA256
192a878f4c5354a6e99045e71380f8b632f63df32f5973a5b198ad7c3ecfa95f
-
SHA512
9dd609a28898720bb16786cafa7e5c6bea6e16b0f3b9cd4bd9aa18e814122e0189808ffae991cf2de6b869451aac9d03564edd79c1c03cecfd5cd10b28cd6e0b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIYgEWX:ymb3NkkiQ3mdBjFI3EWX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\192a878f4c5354a6e99045e71380f8b632f63df32f5973a5b198ad7c3ecfa95f.exe"C:\Users\Admin\AppData\Local\Temp\192a878f4c5354a6e99045e71380f8b632f63df32f5973a5b198ad7c3ecfa95f.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fxjjdd.exec:\fxjjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpdjj.exec:\xpdjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bndrvp.exec:\bndrvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxljvt.exec:\xxljvt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frjht.exec:\frjht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhdxb.exec:\xhdxb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhrprpf.exec:\hhrprpf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbxndf.exec:\nhbxndf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrjlnx.exec:\hrjlnx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtjvh.exec:\rtjvh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdtlvt.exec:\rdtlvt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trjvn.exec:\trjvn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brbrrh.exec:\brbrrh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvpjfbf.exec:\nvpjfbf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjtbn.exec:\jjtbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvnxrl.exec:\bvnxrl.exe17⤵
- Executes dropped EXE
-
\??\c:\blbnhb.exec:\blbnhb.exe18⤵
- Executes dropped EXE
-
\??\c:\ffhlpdt.exec:\ffhlpdt.exe19⤵
- Executes dropped EXE
-
\??\c:\hjjnxrt.exec:\hjjnxrt.exe20⤵
- Executes dropped EXE
-
\??\c:\ltnnbjj.exec:\ltnnbjj.exe21⤵
- Executes dropped EXE
-
\??\c:\xfdnbpl.exec:\xfdnbpl.exe22⤵
- Executes dropped EXE
-
\??\c:\xffbl.exec:\xffbl.exe23⤵
- Executes dropped EXE
-
\??\c:\hnrjfbt.exec:\hnrjfbt.exe24⤵
- Executes dropped EXE
-
\??\c:\rvjvb.exec:\rvjvb.exe25⤵
- Executes dropped EXE
-
\??\c:\pnbln.exec:\pnbln.exe26⤵
- Executes dropped EXE
-
\??\c:\nvfnn.exec:\nvfnn.exe27⤵
- Executes dropped EXE
-
\??\c:\xxpntdl.exec:\xxpntdl.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\blndbpp.exec:\blndbpp.exe29⤵
- Executes dropped EXE
-
\??\c:\hbfldp.exec:\hbfldp.exe30⤵
- Executes dropped EXE
-
\??\c:\rjvnjhv.exec:\rjvnjhv.exe31⤵
- Executes dropped EXE
-
\??\c:\jfbvnj.exec:\jfbvnj.exe32⤵
- Executes dropped EXE
-
\??\c:\nfbrn.exec:\nfbrn.exe33⤵
- Executes dropped EXE
-
\??\c:\jdfbfv.exec:\jdfbfv.exe34⤵
- Executes dropped EXE
-
\??\c:\fnrrvx.exec:\fnrrvx.exe35⤵
- Executes dropped EXE
-
\??\c:\rjdlnd.exec:\rjdlnd.exe36⤵
- Executes dropped EXE
-
\??\c:\fnpfdtn.exec:\fnpfdtn.exe37⤵
- Executes dropped EXE
-
\??\c:\bvrxbbn.exec:\bvrxbbn.exe38⤵
- Executes dropped EXE
-
\??\c:\jjnfttf.exec:\jjnfttf.exe39⤵
- Executes dropped EXE
-
\??\c:\rjvbtj.exec:\rjvbtj.exe40⤵
- Executes dropped EXE
-
\??\c:\lhbnnbf.exec:\lhbnnbf.exe41⤵
- Executes dropped EXE
-
\??\c:\frlrx.exec:\frlrx.exe42⤵
- Executes dropped EXE
-
\??\c:\lpppdtl.exec:\lpppdtl.exe43⤵
- Executes dropped EXE
-
\??\c:\fbbprlh.exec:\fbbprlh.exe44⤵
- Executes dropped EXE
-
\??\c:\ppflh.exec:\ppflh.exe45⤵
- Executes dropped EXE
-
\??\c:\rvtblj.exec:\rvtblj.exe46⤵
- Executes dropped EXE
-
\??\c:\llxdpr.exec:\llxdpr.exe47⤵
- Executes dropped EXE
-
\??\c:\vxnhx.exec:\vxnhx.exe48⤵
- Executes dropped EXE
-
\??\c:\pbljph.exec:\pbljph.exe49⤵
- Executes dropped EXE
-
\??\c:\fhxptb.exec:\fhxptb.exe50⤵
- Executes dropped EXE
-
\??\c:\njnrjv.exec:\njnrjv.exe51⤵
- Executes dropped EXE
-
\??\c:\ttftf.exec:\ttftf.exe52⤵
- Executes dropped EXE
-
\??\c:\bnhnhdb.exec:\bnhnhdb.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jxvff.exec:\jxvff.exe54⤵
- Executes dropped EXE
-
\??\c:\bpxbt.exec:\bpxbt.exe55⤵
- Executes dropped EXE
-
\??\c:\jrfptxl.exec:\jrfptxl.exe56⤵
- Executes dropped EXE
-
\??\c:\bnbrnrp.exec:\bnbrnrp.exe57⤵
- Executes dropped EXE
-
\??\c:\pnrjbx.exec:\pnrjbx.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fjnrf.exec:\fjnrf.exe59⤵
- Executes dropped EXE
-
\??\c:\hxlvl.exec:\hxlvl.exe60⤵
- Executes dropped EXE
-
\??\c:\rhfxrr.exec:\rhfxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\jhrpf.exec:\jhrpf.exe62⤵
- Executes dropped EXE
-
\??\c:\dbfflh.exec:\dbfflh.exe63⤵
- Executes dropped EXE
-
\??\c:\dllbl.exec:\dllbl.exe64⤵
- Executes dropped EXE
-
\??\c:\djtdj.exec:\djtdj.exe65⤵
- Executes dropped EXE
-
\??\c:\tlvbfp.exec:\tlvbfp.exe66⤵
-
\??\c:\bndrr.exec:\bndrr.exe67⤵
-
\??\c:\fjbpp.exec:\fjbpp.exe68⤵
-
\??\c:\fnfjdbx.exec:\fnfjdbx.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btdrb.exec:\btdrb.exe70⤵
-
\??\c:\bfpnjn.exec:\bfpnjn.exe71⤵
-
\??\c:\vxbvtb.exec:\vxbvtb.exe72⤵
-
\??\c:\hjppbll.exec:\hjppbll.exe73⤵
-
\??\c:\hvhdlbp.exec:\hvhdlbp.exe74⤵
-
\??\c:\vhbfvrj.exec:\vhbfvrj.exe75⤵
-
\??\c:\lnfjjbr.exec:\lnfjjbr.exe76⤵
-
\??\c:\pjfxl.exec:\pjfxl.exe77⤵
-
\??\c:\rlxpdh.exec:\rlxpdh.exe78⤵
-
\??\c:\rtbvbrp.exec:\rtbvbrp.exe79⤵
-
\??\c:\xrfhb.exec:\xrfhb.exe80⤵
-
\??\c:\ffrnll.exec:\ffrnll.exe81⤵
-
\??\c:\xxnpbv.exec:\xxnpbv.exe82⤵
-
\??\c:\bhrjdl.exec:\bhrjdl.exe83⤵
-
\??\c:\hjvtpj.exec:\hjvtpj.exe84⤵
-
\??\c:\fjpbnp.exec:\fjpbnp.exe85⤵
-
\??\c:\vlvrv.exec:\vlvrv.exe86⤵
-
\??\c:\hnjxj.exec:\hnjxj.exe87⤵
-
\??\c:\xdfbpxh.exec:\xdfbpxh.exe88⤵
-
\??\c:\rfjdlvn.exec:\rfjdlvn.exe89⤵
-
\??\c:\pjdjvnt.exec:\pjdjvnt.exe90⤵
-
\??\c:\hfvrxdr.exec:\hfvrxdr.exe91⤵
-
\??\c:\rrnhvx.exec:\rrnhvx.exe92⤵
-
\??\c:\dldbjdn.exec:\dldbjdn.exe93⤵
-
\??\c:\xnbfj.exec:\xnbfj.exe94⤵
-
\??\c:\jvxrf.exec:\jvxrf.exe95⤵
-
\??\c:\llppph.exec:\llppph.exe96⤵
-
\??\c:\trdbj.exec:\trdbj.exe97⤵
-
\??\c:\hjjdp.exec:\hjjdp.exe98⤵
-
\??\c:\rdjdvf.exec:\rdjdvf.exe99⤵
-
\??\c:\vjfjnt.exec:\vjfjnt.exe100⤵
-
\??\c:\jbrbpn.exec:\jbrbpn.exe101⤵
-
\??\c:\xjjxxhb.exec:\xjjxxhb.exe102⤵
-
\??\c:\ffjhlf.exec:\ffjhlf.exe103⤵
-
\??\c:\jhnjrxx.exec:\jhnjrxx.exe104⤵
-
\??\c:\dthftfl.exec:\dthftfl.exe105⤵
-
\??\c:\jftfvfl.exec:\jftfvfl.exe106⤵
-
\??\c:\xrnbjlb.exec:\xrnbjlb.exe107⤵
-
\??\c:\ddtldnj.exec:\ddtldnj.exe108⤵
-
\??\c:\jjjdjrt.exec:\jjjdjrt.exe109⤵
-
\??\c:\lpdvb.exec:\lpdvb.exe110⤵
-
\??\c:\vfbfx.exec:\vfbfx.exe111⤵
-
\??\c:\dflftnn.exec:\dflftnn.exe112⤵
-
\??\c:\jltprxt.exec:\jltprxt.exe113⤵
-
\??\c:\fvtjvt.exec:\fvtjvt.exe114⤵
-
\??\c:\bllrjbt.exec:\bllrjbt.exe115⤵
-
\??\c:\rbbnbfn.exec:\rbbnbfn.exe116⤵
-
\??\c:\vvhpd.exec:\vvhpd.exe117⤵
-
\??\c:\jpxpxdd.exec:\jpxpxdd.exe118⤵
-
\??\c:\nbvdldl.exec:\nbvdldl.exe119⤵
-
\??\c:\dvnflft.exec:\dvnflft.exe120⤵
-
\??\c:\xfhbbp.exec:\xfhbbp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-