Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
28-08-2024 19:57
General
-
Target
23ff36c6b75556404a078fbc1f1ad24375bbfd85113a765f67606c26080d1e8f.exe
-
Size
67KB
-
MD5
1a4da2ba9f5b2b15ab3de99e89333d9f
-
SHA1
db7776e58f808c76ccf76f8738251f41ea990bdd
-
SHA256
23ff36c6b75556404a078fbc1f1ad24375bbfd85113a765f67606c26080d1e8f
-
SHA512
cdadea79c73fa43fe0c2bf106be3dac42079a54abe04da3a3749bb132607f0ce680fb8a33d2725922ae5907351de6ac1d3d35fcc551363ddad1cc92d258a24a1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcp:ymb3NkkiQ3mdBjFIsIVcp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\23ff36c6b75556404a078fbc1f1ad24375bbfd85113a765f67606c26080d1e8f.exe"C:\Users\Admin\AppData\Local\Temp\23ff36c6b75556404a078fbc1f1ad24375bbfd85113a765f67606c26080d1e8f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frllfrr.exec:\frllfrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththtb.exec:\ththtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdj.exec:\vjjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpd.exec:\jpdpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrrr.exec:\fxlfrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbbtn.exec:\9bbbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhbhh.exec:\7bhbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdp.exec:\dppdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthhh.exec:\hhthhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbb.exec:\ttnnbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pddv.exec:\3pddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdd.exec:\vpvdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxrllf.exec:\3xxrllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbtn.exec:\nbnbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbhb.exec:\tnhbhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdd.exec:\jpjdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jddp.exec:\5jddp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxlfx.exec:\xffxlfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlxrlx.exec:\3rlxrlx.exe23⤵
- Executes dropped EXE
-
\??\c:\frlrxxr.exec:\frlrxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\hhbtnt.exec:\hhbtnt.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjdd.exec:\dpjdd.exe26⤵
- Executes dropped EXE
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\9fllffx.exec:\9fllffx.exe28⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe29⤵
- Executes dropped EXE
-
\??\c:\7ttnbb.exec:\7ttnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe31⤵
- Executes dropped EXE
-
\??\c:\ffrllrr.exec:\ffrllrr.exe32⤵
- Executes dropped EXE
-
\??\c:\httnbb.exec:\httnbb.exe33⤵
- Executes dropped EXE
-
\??\c:\3nhtnt.exec:\3nhtnt.exe34⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe36⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe37⤵
- Executes dropped EXE
-
\??\c:\xlffxxr.exec:\xlffxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\rrlxfrr.exec:\rrlxfrr.exe39⤵
- Executes dropped EXE
-
\??\c:\bnhhbb.exec:\bnhhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\bnbtnh.exec:\bnbtnh.exe41⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe43⤵
- Executes dropped EXE
-
\??\c:\1rxlfxl.exec:\1rxlfxl.exe44⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\7vpjv.exec:\7vpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe47⤵
- Executes dropped EXE
-
\??\c:\xxxrfff.exec:\xxxrfff.exe48⤵
- Executes dropped EXE
-
\??\c:\7nbbhn.exec:\7nbbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe50⤵
- Executes dropped EXE
-
\??\c:\lrrrrrx.exec:\lrrrrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\rxfrrlf.exec:\rxfrrlf.exe52⤵
- Executes dropped EXE
-
\??\c:\5rxrlll.exec:\5rxrlll.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe55⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrlrfr.exec:\xlrlrfr.exe57⤵
- Executes dropped EXE
-
\??\c:\tbtnbt.exec:\tbtnbt.exe58⤵
- Executes dropped EXE
-
\??\c:\5thtbn.exec:\5thtbn.exe59⤵
- Executes dropped EXE
-
\??\c:\3dpjd.exec:\3dpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe61⤵
- Executes dropped EXE
-
\??\c:\7llfffr.exec:\7llfffr.exe62⤵
- Executes dropped EXE
-
\??\c:\ntnbbt.exec:\ntnbbt.exe63⤵
- Executes dropped EXE
-
\??\c:\9bnhth.exec:\9bnhth.exe64⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe66⤵
-
\??\c:\3vjdp.exec:\3vjdp.exe67⤵
-
\??\c:\lffrlfx.exec:\lffrlfx.exe68⤵
-
\??\c:\3rfxxfx.exec:\3rfxxfx.exe69⤵
-
\??\c:\bhhbtb.exec:\bhhbtb.exe70⤵
-
\??\c:\bnnbbb.exec:\bnnbbb.exe71⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe72⤵
-
\??\c:\pddjd.exec:\pddjd.exe73⤵
-
\??\c:\5rrlxfx.exec:\5rrlxfx.exe74⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe75⤵
-
\??\c:\7bthbt.exec:\7bthbt.exe76⤵
-
\??\c:\7btnhh.exec:\7btnhh.exe77⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe78⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe79⤵
-
\??\c:\fllfrrl.exec:\fllfrrl.exe80⤵
-
\??\c:\ffllfff.exec:\ffllfff.exe81⤵
-
\??\c:\9hbbtt.exec:\9hbbtt.exe82⤵
-
\??\c:\7bthtn.exec:\7bthtn.exe83⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe84⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe85⤵
-
\??\c:\1llxlxr.exec:\1llxlxr.exe86⤵
-
\??\c:\llxrrlf.exec:\llxrrlf.exe87⤵
-
\??\c:\7tttnh.exec:\7tttnh.exe88⤵
-
\??\c:\1bbtnh.exec:\1bbtnh.exe89⤵
-
\??\c:\dppjv.exec:\dppjv.exe90⤵
-
\??\c:\1djdd.exec:\1djdd.exe91⤵
-
\??\c:\llrlxrx.exec:\llrlxrx.exe92⤵
-
\??\c:\lxxllll.exec:\lxxllll.exe93⤵
-
\??\c:\thbttn.exec:\thbttn.exe94⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe95⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe96⤵
-
\??\c:\7xfxffl.exec:\7xfxffl.exe97⤵
-
\??\c:\lllrllf.exec:\lllrllf.exe98⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe99⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe100⤵
-
\??\c:\5jjpj.exec:\5jjpj.exe101⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe102⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe103⤵
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe104⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe105⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe106⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe107⤵
-
\??\c:\9jpvj.exec:\9jpvj.exe108⤵
-
\??\c:\fxxlffx.exec:\fxxlffx.exe109⤵
-
\??\c:\9ttthh.exec:\9ttthh.exe110⤵
-
\??\c:\nntbbb.exec:\nntbbb.exe111⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe112⤵
-
\??\c:\rfflffx.exec:\rfflffx.exe113⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe114⤵
-
\??\c:\tnbtnt.exec:\tnbtnt.exe115⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe116⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe117⤵
-
\??\c:\rrxlxff.exec:\rrxlxff.exe118⤵
-
\??\c:\9nbtnn.exec:\9nbtnn.exe119⤵
-
\??\c:\thnntt.exec:\thnntt.exe120⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-