Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05-09-2024 12:29
General
-
Target
bbcbc89c52699aa7a6841287619ffec0N.exe
-
Size
70KB
-
MD5
bbcbc89c52699aa7a6841287619ffec0
-
SHA1
c78f0ffe144e9094968fa283cf28a348fc25d18f
-
SHA256
35175234c8e6192338a30c4b955daad9e403656167eda8d40d385bc75d216ecd
-
SHA512
8f777e0e4904e27c317e4620d93d11799d995ee5ba5774d18e537172abfce3ded57255d7a6325ee9dae8b1756ea86ea4a3a4e47721f658b5562a85e1e194589f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJ/RWPqBr3:ymb3NkkiQ3mdBjFIqsr3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bbcbc89c52699aa7a6841287619ffec0N.exe"C:\Users\Admin\AppData\Local\Temp\bbcbc89c52699aa7a6841287619ffec0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrllf.exec:\fxxrllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtnh.exec:\bnhtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppjj.exec:\7ppjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlflrx.exec:\9xlflrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dppp.exec:\9dppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffrrll.exec:\3ffrrll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlllf.exec:\rlrlllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thbbb.exec:\9thbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrlrr.exec:\7rxrlrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfffff.exec:\xxfffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbbb.exec:\tbbbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnn.exec:\nttnnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllx.exec:\rrxxllx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnn.exec:\hhnnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnh.exec:\ttttnh.exe23⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\frlfrrl.exec:\frlfrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\7bbbtt.exec:\7bbbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxrlll.exec:\lfxrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\5xfxxxx.exec:\5xfxxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\httnbt.exec:\httnbt.exe30⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe32⤵
- Executes dropped EXE
-
\??\c:\lfrrllf.exec:\lfrrllf.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbhhh.exec:\hhbhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe35⤵
- Executes dropped EXE
-
\??\c:\flrrlxr.exec:\flrrlxr.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfrlxx.exec:\rlfrlxx.exe37⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe38⤵
- Executes dropped EXE
-
\??\c:\1jpjj.exec:\1jpjj.exe39⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfffff.exec:\rlfffff.exe41⤵
- Executes dropped EXE
-
\??\c:\flxrrrr.exec:\flxrrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\5nnhbb.exec:\5nnhbb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe44⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\xfrlllf.exec:\xfrlllf.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrrlll.exec:\rlrrlll.exe48⤵
- Executes dropped EXE
-
\??\c:\thttnt.exec:\thttnt.exe49⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe50⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe51⤵
- Executes dropped EXE
-
\??\c:\5llfxxx.exec:\5llfxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\rflfffx.exec:\rflfffx.exe53⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe54⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\3vdvp.exec:\3vdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe57⤵
- Executes dropped EXE
-
\??\c:\lflfxrl.exec:\lflfxrl.exe58⤵
- Executes dropped EXE
-
\??\c:\9bhtnn.exec:\9bhtnn.exe59⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe60⤵
- Executes dropped EXE
-
\??\c:\lxxrxxr.exec:\lxxrxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\3ffxxxr.exec:\3ffxxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\hbhtnn.exec:\hbhtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe64⤵
- Executes dropped EXE
-
\??\c:\rrrlfll.exec:\rrrlfll.exe65⤵
- Executes dropped EXE
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe66⤵
-
\??\c:\htbttt.exec:\htbttt.exe67⤵
-
\??\c:\thbnnt.exec:\thbnnt.exe68⤵
-
\??\c:\jddvp.exec:\jddvp.exe69⤵
-
\??\c:\9djdv.exec:\9djdv.exe70⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe71⤵
-
\??\c:\rfllfll.exec:\rfllfll.exe72⤵
-
\??\c:\nnnnht.exec:\nnnnht.exe73⤵
-
\??\c:\btbthh.exec:\btbthh.exe74⤵
-
\??\c:\7pjpp.exec:\7pjpp.exe75⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe76⤵
-
\??\c:\xrxxxlf.exec:\xrxxxlf.exe77⤵
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe78⤵
-
\??\c:\thbtbb.exec:\thbtbb.exe79⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe80⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe81⤵
-
\??\c:\rrlllll.exec:\rrlllll.exe82⤵
-
\??\c:\5frrlrl.exec:\5frrlrl.exe83⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe84⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe85⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe86⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe87⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe88⤵
-
\??\c:\xxffllr.exec:\xxffllr.exe89⤵
-
\??\c:\1hbttt.exec:\1hbttt.exe90⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe91⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe92⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe93⤵
-
\??\c:\9rfrllf.exec:\9rfrllf.exe94⤵
-
\??\c:\3lfrlrr.exec:\3lfrlrr.exe95⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe96⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe97⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe98⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe99⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe100⤵
-
\??\c:\9xlfxxx.exec:\9xlfxxx.exe101⤵
-
\??\c:\lrrllxx.exec:\lrrllxx.exe102⤵
-
\??\c:\3bbttt.exec:\3bbttt.exe103⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe104⤵
-
\??\c:\pdddv.exec:\pdddv.exe105⤵
-
\??\c:\fxlfrlx.exec:\fxlfrlx.exe106⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe107⤵
-
\??\c:\nttbbb.exec:\nttbbb.exe108⤵
-
\??\c:\3htnhh.exec:\3htnhh.exe109⤵
-
\??\c:\jjddj.exec:\jjddj.exe110⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe111⤵
-
\??\c:\1lrrlxr.exec:\1lrrlxr.exe112⤵
-
\??\c:\ffrxffl.exec:\ffrxffl.exe113⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe114⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe115⤵
-
\??\c:\1dvpj.exec:\1dvpj.exe116⤵
-
\??\c:\jddvp.exec:\jddvp.exe117⤵
-
\??\c:\rrxfffl.exec:\rrxfffl.exe118⤵
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe119⤵
-
\??\c:\bhhhbn.exec:\bhhhbn.exe120⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-