Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/09/2024, 10:06
General
-
Target
afd106fd955c1ebd86a4553e488fdc10N.exe
-
Size
250KB
-
MD5
afd106fd955c1ebd86a4553e488fdc10
-
SHA1
f24c855b50ab0abff082f39afe38dd5609cdabe5
-
SHA256
5d4f62cb3f2b7fa8b4ee0e4105ef3dfe06a36fd2a56f95b65f20baa383c6eaee
-
SHA512
9a3b38fa67ca61b366b064f8dba28f614a0a82a7e69f4d10908810b40f383c61990a553bfa0fd069de37582329e2d79d7ff68667e7b4efec31c492327e3cbabd
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRly:n3C9uD6AUDCa4NYmR0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\afd106fd955c1ebd86a4553e488fdc10N.exe"C:\Users\Admin\AppData\Local\Temp\afd106fd955c1ebd86a4553e488fdc10N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxfl.exec:\xlrxxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttt.exec:\bntttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfxff.exec:\xxlfxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllfr.exec:\fxlllfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrffrx.exec:\rrrffrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tthbh.exec:\1tthbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxrf.exec:\xxrlxrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhhb.exec:\nbbhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxxrr.exec:\xflxxrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnh.exec:\ttttnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhnt.exec:\nbbhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnnh.exec:\bhhnnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxffrr.exec:\rfxffrr.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnntb.exec:\bbnntb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jddd.exec:\9jddd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrrrr.exec:\llrrrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbhh.exec:\thbbhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpv.exec:\jpjpv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppv.exec:\ddppv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhntb.exec:\hnhntb.exe23⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe24⤵
- Executes dropped EXE
-
\??\c:\tttbhn.exec:\tttbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe26⤵
- Executes dropped EXE
-
\??\c:\tbbnnn.exec:\tbbnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe28⤵
- Executes dropped EXE
-
\??\c:\lflrxfl.exec:\lflrxfl.exe29⤵
- Executes dropped EXE
-
\??\c:\bhnnnn.exec:\bhnnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\pvpjj.exec:\pvpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\flxflrx.exec:\flxflrx.exe32⤵
- Executes dropped EXE
-
\??\c:\jppvv.exec:\jppvv.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbtth.exec:\tnbtth.exe34⤵
- Executes dropped EXE
-
\??\c:\9thbtt.exec:\9thbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\lrffllr.exec:\lrffllr.exe37⤵
- Executes dropped EXE
-
\??\c:\7xlllrx.exec:\7xlllrx.exe38⤵
- Executes dropped EXE
-
\??\c:\bbtntb.exec:\bbtntb.exe39⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe40⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\flflfrf.exec:\flflfrf.exe42⤵
- Executes dropped EXE
-
\??\c:\bbhhht.exec:\bbhhht.exe43⤵
- Executes dropped EXE
-
\??\c:\thtnht.exec:\thtnht.exe44⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\xrxflrr.exec:\xrxflrr.exe46⤵
- Executes dropped EXE
-
\??\c:\hbhnth.exec:\hbhnth.exe47⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe50⤵
- Executes dropped EXE
-
\??\c:\xfrxrxr.exec:\xfrxrxr.exe51⤵
- Executes dropped EXE
-
\??\c:\bbtbht.exec:\bbtbht.exe52⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe53⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe54⤵
- Executes dropped EXE
-
\??\c:\flxlllf.exec:\flxlllf.exe55⤵
- Executes dropped EXE
-
\??\c:\5nhhbh.exec:\5nhhbh.exe56⤵
- Executes dropped EXE
-
\??\c:\3jppp.exec:\3jppp.exe57⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe58⤵
- Executes dropped EXE
-
\??\c:\flfxlfr.exec:\flfxlfr.exe59⤵
- Executes dropped EXE
-
\??\c:\bbtbbh.exec:\bbtbbh.exe60⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe61⤵
- Executes dropped EXE
-
\??\c:\frfxxll.exec:\frfxxll.exe62⤵
- Executes dropped EXE
-
\??\c:\fflxxxx.exec:\fflxxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\hthbbn.exec:\hthbbn.exe64⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxrrll.exec:\xrxrrll.exe66⤵
-
\??\c:\ntbtbt.exec:\ntbtbt.exe67⤵
-
\??\c:\thbbtb.exec:\thbbtb.exe68⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe69⤵
-
\??\c:\hbttth.exec:\hbttth.exe70⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe71⤵
-
\??\c:\jvddv.exec:\jvddv.exe72⤵
-
\??\c:\rlrlxll.exec:\rlrlxll.exe73⤵
-
\??\c:\bnhtbn.exec:\bnhtbn.exe74⤵
-
\??\c:\djpjp.exec:\djpjp.exe75⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rlxfxll.exec:\rlxfxll.exe76⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe77⤵
-
\??\c:\7ppvp.exec:\7ppvp.exe78⤵
-
\??\c:\vpppp.exec:\vpppp.exe79⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe80⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe81⤵
-
\??\c:\vvppp.exec:\vvppp.exe82⤵
-
\??\c:\djddd.exec:\djddd.exe83⤵
-
\??\c:\llxxfff.exec:\llxxfff.exe84⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe85⤵
-
\??\c:\rfxlrxl.exec:\rfxlrxl.exe86⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe87⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe88⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe89⤵
-
\??\c:\llrllfl.exec:\llrllfl.exe90⤵
-
\??\c:\xxrxxlr.exec:\xxrxxlr.exe91⤵
-
\??\c:\9btnbn.exec:\9btnbn.exe92⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe93⤵
-
\??\c:\llxrllr.exec:\llxrllr.exe94⤵
-
\??\c:\xxrlxfl.exec:\xxrlxfl.exe95⤵
-
\??\c:\nhhbbh.exec:\nhhbbh.exe96⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe97⤵
-
\??\c:\lxlfxff.exec:\lxlfxff.exe98⤵
-
\??\c:\1xlfxxl.exec:\1xlfxxl.exe99⤵
-
\??\c:\hhhnth.exec:\hhhnth.exe100⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe101⤵
-
\??\c:\xflllff.exec:\xflllff.exe102⤵
-
\??\c:\lllllxl.exec:\lllllxl.exe103⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe104⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe105⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe106⤵
-
\??\c:\1fllflx.exec:\1fllflx.exe107⤵
-
\??\c:\bbhbht.exec:\bbhbht.exe108⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe109⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe110⤵
-
\??\c:\rxxllrr.exec:\rxxllrr.exe111⤵
-
\??\c:\hnnntt.exec:\hnnntt.exe112⤵
-
\??\c:\bhtnbn.exec:\bhtnbn.exe113⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe114⤵
-
\??\c:\lrfflrx.exec:\lrfflrx.exe115⤵
-
\??\c:\fxflfll.exec:\fxflfll.exe116⤵
-
\??\c:\7nnnnh.exec:\7nnnnh.exe117⤵
-
\??\c:\thnnnt.exec:\thnnnt.exe118⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe119⤵
-
\??\c:\llfffll.exec:\llfffll.exe120⤵
-
\??\c:\tnnbth.exec:\tnnbth.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-