Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/09/2024, 00:35
General
-
Target
f59154d4b5c203cc7b5848710dbb4160N.exe
-
Size
230KB
-
MD5
f59154d4b5c203cc7b5848710dbb4160
-
SHA1
1e41f5362c3ccc130fec629089297570491f934b
-
SHA256
1569b7d77388f600014e7874fd12d2988c6046b93b9efcde5c6b3c2f284ee5ed
-
SHA512
b1c3af4fe16032fea44d31969276e93d4b70fdc60416a00419bf017f3c9206927dfc5f238772b1c80a0b086753f0c7b9effde3a086c14d879974c1635a3cebc6
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLjBeG+k:n3C9BRo7MlrWKo+lxKJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f59154d4b5c203cc7b5848710dbb4160N.exe"C:\Users\Admin\AppData\Local\Temp\f59154d4b5c203cc7b5848710dbb4160N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvdv.exec:\jpvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhnn.exec:\hnnhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvp.exec:\pjjvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntttt.exec:\hntttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpd.exec:\vdvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrflf.exec:\rrxrflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxfr.exec:\xxllxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbbh.exec:\1nhbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhbh.exec:\3hhhbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvvp.exec:\7pvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhhh.exec:\bhnhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhhh.exec:\tbnhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxrrr.exec:\7xfxrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnhb.exec:\htnnhb.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllfff.exec:\xxllfff.exe23⤵
- Executes dropped EXE
-
\??\c:\frrrlll.exec:\frrrlll.exe24⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrlrll.exec:\rlrlrll.exe27⤵
- Executes dropped EXE
-
\??\c:\9httbh.exec:\9httbh.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\lrrxfxf.exec:\lrrxfxf.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhhhn.exec:\hhhhhn.exe31⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe32⤵
- Executes dropped EXE
-
\??\c:\rrlfrrf.exec:\rrlfrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\nbttnn.exec:\nbttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\lrlfxxx.exec:\lrlfxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbbtb.exec:\tnbbtb.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ppjdp.exec:\ppjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe42⤵
- Executes dropped EXE
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\bbbnnn.exec:\bbbnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe45⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe46⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\rxlllll.exec:\rxlllll.exe48⤵
- Executes dropped EXE
-
\??\c:\7nhttt.exec:\7nhttt.exe49⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe51⤵
- Executes dropped EXE
-
\??\c:\fxllfff.exec:\fxllfff.exe52⤵
- Executes dropped EXE
-
\??\c:\xrxfxll.exec:\xrxfxll.exe53⤵
- Executes dropped EXE
-
\??\c:\9tbtnn.exec:\9tbtnn.exe54⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe55⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe56⤵
- Executes dropped EXE
-
\??\c:\1rxrrxx.exec:\1rxrrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\7thbhh.exec:\7thbhh.exe58⤵
- Executes dropped EXE
-
\??\c:\5thhht.exec:\5thhht.exe59⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe60⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\xffxrrl.exec:\xffxrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\5lrlffx.exec:\5lrlffx.exe63⤵
- Executes dropped EXE
-
\??\c:\hhbthh.exec:\hhbthh.exe64⤵
- Executes dropped EXE
-
\??\c:\3nttnn.exec:\3nttnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe66⤵
-
\??\c:\rxllfxx.exec:\rxllfxx.exe67⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe68⤵
-
\??\c:\7tnbtt.exec:\7tnbtt.exe69⤵
-
\??\c:\tnthhb.exec:\tnthhb.exe70⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe71⤵
-
\??\c:\dpppj.exec:\dpppj.exe72⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe73⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe74⤵
-
\??\c:\ffrxrxx.exec:\ffrxrxx.exe75⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe76⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe77⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe78⤵
-
\??\c:\thhtnt.exec:\thhtnt.exe79⤵
-
\??\c:\1thbbb.exec:\1thbbb.exe80⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe81⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe82⤵
-
\??\c:\7tbtnn.exec:\7tbtnn.exe83⤵
-
\??\c:\vjddd.exec:\vjddd.exe84⤵
-
\??\c:\9llrllf.exec:\9llrllf.exe85⤵
-
\??\c:\llllfll.exec:\llllfll.exe86⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe87⤵
-
\??\c:\5bhbhh.exec:\5bhbhh.exe88⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\djvpd.exec:\djvpd.exe90⤵
-
\??\c:\rrfxrxr.exec:\rrfxrxr.exe91⤵
-
\??\c:\xrflllf.exec:\xrflllf.exe92⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe93⤵
-
\??\c:\nnttnh.exec:\nnttnh.exe94⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe95⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe96⤵
-
\??\c:\llxrrrx.exec:\llxrrrx.exe97⤵
-
\??\c:\llllflf.exec:\llllflf.exe98⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe99⤵
-
\??\c:\1jjjj.exec:\1jjjj.exe100⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe101⤵
-
\??\c:\lfflllx.exec:\lfflllx.exe102⤵
-
\??\c:\xrrxlrl.exec:\xrrxlrl.exe103⤵
-
\??\c:\bbthnh.exec:\bbthnh.exe104⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe105⤵
-
\??\c:\vddvp.exec:\vddvp.exe106⤵
-
\??\c:\djppd.exec:\djppd.exe107⤵
-
\??\c:\ffrlxfx.exec:\ffrlxfx.exe108⤵
-
\??\c:\fxfrlfx.exec:\fxfrlfx.exe109⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe110⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe111⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe112⤵
-
\??\c:\1lfxllf.exec:\1lfxllf.exe113⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe114⤵
-
\??\c:\7bbttt.exec:\7bbttt.exe115⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe116⤵
-
\??\c:\djjjj.exec:\djjjj.exe117⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe118⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe119⤵
-
\??\c:\fxxllfx.exec:\fxxllfx.exe120⤵
-
\??\c:\nntnnh.exec:\nntnnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-