Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/09/2024, 04:46
General
-
Target
b01d57fe9717c54fe9569c61416b7f90N.exe
-
Size
382KB
-
MD5
b01d57fe9717c54fe9569c61416b7f90
-
SHA1
ad05425e7a49946c0d21bea7632e2727d760873e
-
SHA256
d316ddc7d66a6b6371bce0453e68dc1414b62a2236598f4283b262d6e98ad461
-
SHA512
c2216c2a7e1219a0770e23ea011730e8d4937c2d95a7cadfecde42e4cde8430bb3ce79d78c3a503b1828b29712a3bdb20b53bbdd3e549e00a4e1b244e77d8c18
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHqL3yeHmlwe+axBcot39vUDbYhzod04:n3C9BRo7tvnJ99T/KZEL3c5BTkPXKpw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b01d57fe9717c54fe9569c61416b7f90N.exe"C:\Users\Admin\AppData\Local\Temp\b01d57fe9717c54fe9569c61416b7f90N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxllx.exec:\rxfxllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxfll.exec:\xlfxfll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbh.exec:\ttthbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrxr.exec:\xlxrrxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdd.exec:\vjpdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffrfx.exec:\rfffrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnbh.exec:\hthnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnn.exec:\ntbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdv.exec:\vvvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxxxr.exec:\rflxxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrflx.exec:\rrrrflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthb.exec:\tbbthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfrxl.exec:\rflfrxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbtn.exec:\bnnbtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthhb.exec:\hnthhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffrfl.exec:\fxffrfl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhbtb.exec:\9hhbtb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfllll.exec:\rxfllll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhht.exec:\nhnhht.exe23⤵
- Executes dropped EXE
-
\??\c:\7hbnht.exec:\7hbnht.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrlxrr.exec:\xrrlxrr.exe25⤵
- Executes dropped EXE
-
\??\c:\bnhbbt.exec:\bnhbbt.exe26⤵
- Executes dropped EXE
-
\??\c:\9jjdp.exec:\9jjdp.exe27⤵
- Executes dropped EXE
-
\??\c:\fffrlxr.exec:\fffrlxr.exe28⤵
- Executes dropped EXE
-
\??\c:\htthtn.exec:\htthtn.exe29⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\5pjjd.exec:\5pjjd.exe32⤵
- Executes dropped EXE
-
\??\c:\nnbthh.exec:\nnbthh.exe33⤵
- Executes dropped EXE
-
\??\c:\hbhbbt.exec:\hbhbbt.exe34⤵
- Executes dropped EXE
-
\??\c:\dpvdp.exec:\dpvdp.exe35⤵
- Executes dropped EXE
-
\??\c:\lxxrlxr.exec:\lxxrlxr.exe36⤵
- Executes dropped EXE
-
\??\c:\5bbthb.exec:\5bbthb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrlrlx.exec:\rlrlrlx.exe40⤵
- Executes dropped EXE
-
\??\c:\xrxrfxx.exec:\xrxrfxx.exe41⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe43⤵
- Executes dropped EXE
-
\??\c:\9rfxllf.exec:\9rfxllf.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhtnh.exec:\nhhtnh.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbtnh.exec:\nhbtnh.exe46⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe47⤵
- Executes dropped EXE
-
\??\c:\xffxrxf.exec:\xffxrxf.exe48⤵
- Executes dropped EXE
-
\??\c:\xrrrlrf.exec:\xrrrlrf.exe49⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe50⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe51⤵
- Executes dropped EXE
-
\??\c:\dppdp.exec:\dppdp.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\bnhbbt.exec:\bnhbbt.exe54⤵
- Executes dropped EXE
-
\??\c:\vvdpp.exec:\vvdpp.exe55⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe56⤵
- Executes dropped EXE
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\tbthbt.exec:\tbthbt.exe58⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\xflxrll.exec:\xflxrll.exe61⤵
- Executes dropped EXE
-
\??\c:\hnnbtt.exec:\hnnbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe63⤵
- Executes dropped EXE
-
\??\c:\3pjdv.exec:\3pjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\rrlxffx.exec:\rrlxffx.exe65⤵
- Executes dropped EXE
-
\??\c:\9ffrrrl.exec:\9ffrrrl.exe66⤵
-
\??\c:\nhnbnh.exec:\nhnbnh.exe67⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe68⤵
-
\??\c:\xllrlrf.exec:\xllrlrf.exe69⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe70⤵
-
\??\c:\5jpjv.exec:\5jpjv.exe71⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe72⤵
-
\??\c:\llrrxrf.exec:\llrrxrf.exe73⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe74⤵
-
\??\c:\bthbbt.exec:\bthbbt.exe75⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe76⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe77⤵
-
\??\c:\9lfrllf.exec:\9lfrllf.exe78⤵
-
\??\c:\hbhthb.exec:\hbhthb.exe79⤵
-
\??\c:\7nbnhb.exec:\7nbnhb.exe80⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe81⤵
-
\??\c:\rrrlfxl.exec:\rrrlfxl.exe82⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe83⤵
-
\??\c:\nntbhh.exec:\nntbhh.exe84⤵
-
\??\c:\3vvjv.exec:\3vvjv.exe85⤵
-
\??\c:\5lfrxrl.exec:\5lfrxrl.exe86⤵
-
\??\c:\xfllxrl.exec:\xfllxrl.exe87⤵
-
\??\c:\nnnhbn.exec:\nnnhbn.exe88⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe89⤵
-
\??\c:\jddvp.exec:\jddvp.exe90⤵
-
\??\c:\fxrfrll.exec:\fxrfrll.exe91⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe92⤵
-
\??\c:\dppjd.exec:\dppjd.exe93⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe94⤵
-
\??\c:\lxfrfxx.exec:\lxfrfxx.exe95⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe96⤵
-
\??\c:\llflfxr.exec:\llflfxr.exe97⤵
-
\??\c:\frfxrxl.exec:\frfxrxl.exe98⤵
-
\??\c:\htttnn.exec:\htttnn.exe99⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe100⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe101⤵
-
\??\c:\rlfxllx.exec:\rlfxllx.exe102⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe103⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe104⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe105⤵
-
\??\c:\9lfxllf.exec:\9lfxllf.exe106⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe107⤵
-
\??\c:\jpddp.exec:\jpddp.exe108⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe109⤵
-
\??\c:\xxxrfxr.exec:\xxxrfxr.exe110⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe111⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe112⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe113⤵
-
\??\c:\rlrfrfr.exec:\rlrfrfr.exe114⤵
-
\??\c:\9nhbnn.exec:\9nhbnn.exe115⤵
-
\??\c:\jddvp.exec:\jddvp.exe116⤵
-
\??\c:\rrxxrrl.exec:\rrxxrrl.exe117⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe118⤵
-
\??\c:\nhbtnb.exec:\nhbtnb.exe119⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe120⤵
-
\??\c:\rfrlxlf.exec:\rfrlxlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-