Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04/09/2024, 11:53
General
-
Target
287eae748a696cd262efbe8dc0d2d3d0N.exe
-
Size
71KB
-
MD5
287eae748a696cd262efbe8dc0d2d3d0
-
SHA1
0a1d9de1f2e73dfea6478c2ffd142d7143eff9b1
-
SHA256
35159a836f17acee26e0354e2bac2067056ab3594271319f83f796a80747fdd4
-
SHA512
1e3891a3ed8ae6fd5932e76952477c44329012b79d187d63cf7d871291a8d23f9c41d95902c43fa1fd09a69dc8c3248c05588fa9b83b5aa3e33eea21779d1b7c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUcicP/fZ:ymb3NkkiQ3mdBjFI4V4ci2/fZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\287eae748a696cd262efbe8dc0d2d3d0N.exe"C:\Users\Admin\AppData\Local\Temp\287eae748a696cd262efbe8dc0d2d3d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttn.exec:\bntttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvj.exec:\jpvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppv.exec:\vvppv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhbb.exec:\1bhhbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffllx.exec:\xrffllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjd.exec:\pvjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflllr.exec:\xfflllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrllfr.exec:\rfrllfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhn.exec:\bnnnhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrrf.exec:\rrxrrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnt.exec:\nbbbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnnhh.exec:\3nnnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlffl.exec:\9rrlffl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfflll.exec:\rrfflll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbh.exec:\bnhhbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppjv.exec:\7ppjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxffr.exec:\lffxffr.exe23⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\9ppjd.exec:\9ppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe27⤵
- Executes dropped EXE
-
\??\c:\7llxrrl.exec:\7llxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\1nnhtt.exec:\1nnhtt.exe30⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe31⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe32⤵
- Executes dropped EXE
-
\??\c:\frffxff.exec:\frffxff.exe33⤵
- Executes dropped EXE
-
\??\c:\rfllrrr.exec:\rfllrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\hnhhhh.exec:\hnhhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\hnhnhn.exec:\hnhnhn.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe37⤵
- Executes dropped EXE
-
\??\c:\5nnhtt.exec:\5nnhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\1pddv.exec:\1pddv.exe39⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\lfrrxlr.exec:\lfrrxlr.exe42⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe43⤵
- Executes dropped EXE
-
\??\c:\thbbtt.exec:\thbbtt.exe44⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\9jpvp.exec:\9jpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\frxxrrl.exec:\frxxrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\frxxffl.exec:\frxxffl.exe48⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\1btbnn.exec:\1btbnn.exe50⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe52⤵
- Executes dropped EXE
-
\??\c:\5fxrllr.exec:\5fxrllr.exe53⤵
- Executes dropped EXE
-
\??\c:\xffffxx.exec:\xffffxx.exe54⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe56⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe57⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe58⤵
- Executes dropped EXE
-
\??\c:\xrrfffx.exec:\xrrfffx.exe59⤵
- Executes dropped EXE
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe62⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe63⤵
- Executes dropped EXE
-
\??\c:\rxlxxxx.exec:\rxlxxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\lffllll.exec:\lffllll.exe65⤵
- Executes dropped EXE
-
\??\c:\thnnht.exec:\thnnht.exe66⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnnnhh.exec:\tnnnhh.exe67⤵
-
\??\c:\jvddv.exec:\jvddv.exe68⤵
-
\??\c:\vjddv.exec:\vjddv.exe69⤵
-
\??\c:\xxlrlrr.exec:\xxlrlrr.exe70⤵
-
\??\c:\fflfllf.exec:\fflfllf.exe71⤵
-
\??\c:\htbhbb.exec:\htbhbb.exe72⤵
-
\??\c:\nntthh.exec:\nntthh.exe73⤵
-
\??\c:\dvppj.exec:\dvppj.exe74⤵
-
\??\c:\1ppvp.exec:\1ppvp.exe75⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe76⤵
-
\??\c:\lxfffrl.exec:\lxfffrl.exe77⤵
-
\??\c:\lflllll.exec:\lflllll.exe78⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe79⤵
-
\??\c:\hbthbb.exec:\hbthbb.exe80⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe81⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe82⤵
-
\??\c:\1lfxffl.exec:\1lfxffl.exe83⤵
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe84⤵
-
\??\c:\xxffffr.exec:\xxffffr.exe85⤵
-
\??\c:\ttnnhn.exec:\ttnnhn.exe86⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe87⤵
-
\??\c:\flrxxxr.exec:\flrxxxr.exe88⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe89⤵
-
\??\c:\tbnhhb.exec:\tbnhhb.exe90⤵
-
\??\c:\9djvj.exec:\9djvj.exe91⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe92⤵
-
\??\c:\lllfrrr.exec:\lllfrrr.exe93⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe94⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe95⤵
-
\??\c:\frrllrl.exec:\frrllrl.exe96⤵
-
\??\c:\3lllllf.exec:\3lllllf.exe97⤵
-
\??\c:\nnbtbh.exec:\nnbtbh.exe98⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe99⤵
-
\??\c:\vpddd.exec:\vpddd.exe100⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe101⤵
-
\??\c:\rlffrrf.exec:\rlffrrf.exe102⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe103⤵
-
\??\c:\ppddd.exec:\ppddd.exe104⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe105⤵
-
\??\c:\rlfxlll.exec:\rlfxlll.exe106⤵
-
\??\c:\lrfrlll.exec:\lrfrlll.exe107⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe108⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe109⤵
-
\??\c:\vddjd.exec:\vddjd.exe110⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe111⤵
-
\??\c:\lrrfxff.exec:\lrrfxff.exe112⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe113⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe114⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe115⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe116⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe117⤵
-
\??\c:\rllrrrr.exec:\rllrrrr.exe118⤵
-
\??\c:\fffffff.exec:\fffffff.exe119⤵
-
\??\c:\thhtnn.exec:\thhtnn.exe120⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-