Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05-09-2024 12:14
General
-
Target
830828fc55b9dd518a221e81d80c08c0N.exe
-
Size
64KB
-
MD5
830828fc55b9dd518a221e81d80c08c0
-
SHA1
184dd47840911eff449d91aeb5b6a6b85f407ef6
-
SHA256
c5b57d09803241e934c7e720d7f1b3da33f11a99c482693f9545d3660f9b414a
-
SHA512
fee7a90399b626710541498e452ed7bfa41b0b9d607a02c71bce2627cbe463342d68b993bc04a04b99bd7661f194cde47868e589bbe414cfca67ee4e36211634
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B1g:ymb3NkkiQ3mdBjFI9cW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\830828fc55b9dd518a221e81d80c08c0N.exe"C:\Users\Admin\AppData\Local\Temp\830828fc55b9dd518a221e81d80c08c0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdj.exec:\ppvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xffflr.exec:\9xffflr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xllflf.exec:\9xllflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhtn.exec:\nbhhtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbbtn.exec:\1hbbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbtt.exec:\tbtbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnt.exec:\nnbtnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlxll.exec:\frxlxll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnn.exec:\bhhbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjd.exec:\jjdjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffr.exec:\rlxxffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbbtn.exec:\5tbbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbn.exec:\nhhhbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvj.exec:\vvdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrflf.exec:\xxrrflf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxrl.exec:\llrlxrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhhn.exec:\tthhhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpv.exec:\vpvpv.exe23⤵
- Executes dropped EXE
-
\??\c:\5pddd.exec:\5pddd.exe24⤵
- Executes dropped EXE
-
\??\c:\lllrfff.exec:\lllrfff.exe25⤵
- Executes dropped EXE
-
\??\c:\nhnhnn.exec:\nhnhnn.exe26⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\9lffxfx.exec:\9lffxfx.exe29⤵
- Executes dropped EXE
-
\??\c:\bthbbt.exec:\bthbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe31⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\lrllffx.exec:\lrllffx.exe33⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhhbn.exec:\nnhhbn.exe35⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe36⤵
- Executes dropped EXE
-
\??\c:\lxffxxr.exec:\lxffxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\lrlfxrr.exec:\lrlfxrr.exe38⤵
- Executes dropped EXE
-
\??\c:\1thbth.exec:\1thbth.exe39⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\bhtnhh.exec:\bhtnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe42⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe43⤵
- Executes dropped EXE
-
\??\c:\lrfrrrr.exec:\lrfrrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\xfllrrx.exec:\xfllrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\tbbbtn.exec:\tbbbtn.exe46⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\9jjjp.exec:\9jjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\rffxxxx.exec:\rffxxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\5lffxlf.exec:\5lffxlf.exe51⤵
- Executes dropped EXE
-
\??\c:\hnbttt.exec:\hnbttt.exe52⤵
- Executes dropped EXE
-
\??\c:\ntnnbb.exec:\ntnnbb.exe53⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe54⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe55⤵
- Executes dropped EXE
-
\??\c:\lrxxrlf.exec:\lrxxrlf.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe57⤵
- Executes dropped EXE
-
\??\c:\7httbb.exec:\7httbb.exe58⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\frxrllf.exec:\frxrllf.exe60⤵
- Executes dropped EXE
-
\??\c:\rxxrrll.exec:\rxxrrll.exe61⤵
- Executes dropped EXE
-
\??\c:\3htttb.exec:\3htttb.exe62⤵
- Executes dropped EXE
-
\??\c:\9jddd.exec:\9jddd.exe63⤵
- Executes dropped EXE
-
\??\c:\1ddvj.exec:\1ddvj.exe64⤵
- Executes dropped EXE
-
\??\c:\rfllfll.exec:\rfllfll.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe66⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe67⤵
-
\??\c:\7ttbbh.exec:\7ttbbh.exe68⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe69⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe70⤵
-
\??\c:\fxfrxrl.exec:\fxfrxrl.exe71⤵
-
\??\c:\rffffxx.exec:\rffffxx.exe72⤵
-
\??\c:\hnhhbh.exec:\hnhhbh.exe73⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe74⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe75⤵
-
\??\c:\fxlfllx.exec:\fxlfllx.exe76⤵
-
\??\c:\rxffflf.exec:\rxffflf.exe77⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe78⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe79⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe80⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe81⤵
-
\??\c:\jvppj.exec:\jvppj.exe82⤵
-
\??\c:\fflfxll.exec:\fflfxll.exe83⤵
-
\??\c:\llrrxff.exec:\llrrxff.exe84⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe85⤵
-
\??\c:\btbtbn.exec:\btbtbn.exe86⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe87⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe88⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe89⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe90⤵
-
\??\c:\3xfrlll.exec:\3xfrlll.exe91⤵
-
\??\c:\1rxxxxf.exec:\1rxxxxf.exe92⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe93⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe94⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe95⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe96⤵
-
\??\c:\lrxrlll.exec:\lrxrlll.exe97⤵
-
\??\c:\xrrxrxr.exec:\xrrxrxr.exe98⤵
-
\??\c:\tntthh.exec:\tntthh.exe99⤵
-
\??\c:\ttnntb.exec:\ttnntb.exe100⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe101⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe102⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe103⤵
-
\??\c:\lrxrlfl.exec:\lrxrlfl.exe104⤵
-
\??\c:\tbnnbh.exec:\tbnnbh.exe105⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe106⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe107⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe108⤵
-
\??\c:\rffrfxl.exec:\rffrfxl.exe109⤵
-
\??\c:\3flxrxl.exec:\3flxrxl.exe110⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe111⤵
-
\??\c:\thnhbh.exec:\thnhbh.exe112⤵
-
\??\c:\htnbtt.exec:\htnbtt.exe113⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe114⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe115⤵
-
\??\c:\xrrxffr.exec:\xrrxffr.exe116⤵
-
\??\c:\rlxrfll.exec:\rlxrfll.exe117⤵
-
\??\c:\hbbtbt.exec:\hbbtbt.exe118⤵
-
\??\c:\tntnbt.exec:\tntnbt.exe119⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe120⤵
-
\??\c:\5dpjv.exec:\5dpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-