Analysis
-
max time kernel
150s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/09/2024, 00:57
General
-
Target
5a2f17a571075e8716d28ae94a69b50eaa042d2cee5bc834601c986779af7ba6.exe
-
Size
71KB
-
MD5
5206e13281a5a2ec34dd159ed0643c94
-
SHA1
80c17d25e960c1eb58f0e5b245aaec297505ae65
-
SHA256
5a2f17a571075e8716d28ae94a69b50eaa042d2cee5bc834601c986779af7ba6
-
SHA512
961bab46a51921885139d7faaae396a2e387f8bbd775be16ffb9e38fafac626e343889462d30b72070be750216e08356472f55b2179dc84bc3ecbeaa91f08238
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hgVsz:ymb3NkkiQ3mdBjFIj+qNhgVsz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5a2f17a571075e8716d28ae94a69b50eaa042d2cee5bc834601c986779af7ba6.exe"C:\Users\Admin\AppData\Local\Temp\5a2f17a571075e8716d28ae94a69b50eaa042d2cee5bc834601c986779af7ba6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrllf.exec:\frxrllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtnt.exec:\hbhtnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpp.exec:\djvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlxxf.exec:\ffrlxxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhhn.exec:\tnbhhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvd.exec:\vvjvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfffx.exec:\xrlfffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttnh.exec:\nbttnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbb.exec:\btbbbb.exe13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpv.exec:\1pvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpj.exec:\pjjpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhbb.exec:\nbbhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnt.exec:\bbbtnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvv.exec:\jdpvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlfxlf.exec:\7xlfxlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtth.exec:\ttbtth.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjpv.exec:\3vjpv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpj.exec:\9vvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\5hhhhh.exec:\5hhhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe25⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\lflfffx.exec:\lflfffx.exe28⤵
- Executes dropped EXE
-
\??\c:\nhhbbn.exec:\nhhbbn.exe29⤵
- Executes dropped EXE
-
\??\c:\9tbnnh.exec:\9tbnnh.exe30⤵
- Executes dropped EXE
-
\??\c:\3vpdd.exec:\3vpdd.exe31⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rffxlfr.exec:\rffxlfr.exe33⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\nbthnb.exec:\nbthnb.exe35⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe36⤵
- Executes dropped EXE
-
\??\c:\3ffxfxr.exec:\3ffxfxr.exe37⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rflfxrf.exec:\rflfxrf.exe38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tbhbtn.exec:\tbhbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\5bnhtn.exec:\5bnhtn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\bttnnt.exec:\bttnnt.exe43⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxrlrx.exec:\rlxrlrx.exe47⤵
- Executes dropped EXE
-
\??\c:\hhhnnn.exec:\hhhnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\xxlflll.exec:\xxlflll.exe51⤵
- Executes dropped EXE
-
\??\c:\5lxffff.exec:\5lxffff.exe52⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\3hnnbh.exec:\3hnnbh.exe54⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\dpvjv.exec:\dpvjv.exe56⤵
- Executes dropped EXE
-
\??\c:\rxrlfxf.exec:\rxrlfxf.exe57⤵
- Executes dropped EXE
-
\??\c:\lfffxff.exec:\lfffxff.exe58⤵
- Executes dropped EXE
-
\??\c:\hbhhht.exec:\hbhhht.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbnhbb.exec:\nbnhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe62⤵
- Executes dropped EXE
-
\??\c:\frrfflr.exec:\frrfflr.exe63⤵
- Executes dropped EXE
-
\??\c:\ffxxrxx.exec:\ffxxrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\nbbbnn.exec:\nbbbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe66⤵
-
\??\c:\5ddvv.exec:\5ddvv.exe67⤵
-
\??\c:\lxxrxxx.exec:\lxxrxxx.exe68⤵
-
\??\c:\xfrxrll.exec:\xfrxrll.exe69⤵
-
\??\c:\1thnhh.exec:\1thnhh.exe70⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe71⤵
-
\??\c:\dddvp.exec:\dddvp.exe72⤵
-
\??\c:\lxlfxrr.exec:\lxlfxrr.exe73⤵
-
\??\c:\fxfrrxr.exec:\fxfrrxr.exe74⤵
-
\??\c:\tbtnht.exec:\tbtnht.exe75⤵
-
\??\c:\3ttnnt.exec:\3ttnnt.exe76⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe77⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe78⤵
-
\??\c:\9xlrlxf.exec:\9xlrlxf.exe79⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe80⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe81⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe82⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe83⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe84⤵
-
\??\c:\llfxrlr.exec:\llfxrlr.exe85⤵
-
\??\c:\lxrlxrf.exec:\lxrlxrf.exe86⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe87⤵
-
\??\c:\nhhbth.exec:\nhhbth.exe88⤵
-
\??\c:\pddvp.exec:\pddvp.exe89⤵
-
\??\c:\xrfrxlf.exec:\xrfrxlf.exe90⤵
-
\??\c:\5xffxxx.exec:\5xffxxx.exe91⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe92⤵
-
\??\c:\hnbbtb.exec:\hnbbtb.exe93⤵
-
\??\c:\7djjv.exec:\7djjv.exe94⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe95⤵
-
\??\c:\xllxllx.exec:\xllxllx.exe96⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe97⤵
-
\??\c:\1tbthh.exec:\1tbthh.exe98⤵
-
\??\c:\1jdpd.exec:\1jdpd.exe99⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe100⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe101⤵
-
\??\c:\1bbbtn.exec:\1bbbtn.exe102⤵
-
\??\c:\ttbhbb.exec:\ttbhbb.exe103⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe104⤵
-
\??\c:\5jpvp.exec:\5jpvp.exe105⤵
-
\??\c:\rxflllr.exec:\rxflllr.exe106⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe107⤵
-
\??\c:\tthhhn.exec:\tthhhn.exe108⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe109⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe110⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe111⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe112⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe113⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe114⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe115⤵
-
\??\c:\5jddj.exec:\5jddj.exe116⤵
-
\??\c:\fxfxrfr.exec:\fxfxrfr.exe117⤵
-
\??\c:\fllxxrx.exec:\fllxxrx.exe118⤵
-
\??\c:\btbntb.exec:\btbntb.exe119⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe120⤵
-
\??\c:\jvddv.exec:\jvddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-