Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06-09-2024 14:54
General
-
Target
83011b160c7bfc88d03921004e96b5e0N.exe
-
Size
106KB
-
MD5
83011b160c7bfc88d03921004e96b5e0
-
SHA1
5340b8052aa012ad54bd62f106179e0763e00c63
-
SHA256
3b50f23b35aab14e233330180f740f7664cb8a5d85fd5df8ac0cb4b71162b2b8
-
SHA512
b4d0d55024151cc48ba9a88b3bce12041ffd1c226dd5034844a1db708b221e3bd1e6077c5a9edf0db7cfda324af6dfdb39972a816b87ff78c2048ff55fa7506b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+buwUGu3P3Cm5:n3C9BRo7MlrWKVT+buBGu3PH5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\83011b160c7bfc88d03921004e96b5e0N.exe"C:\Users\Admin\AppData\Local\Temp\83011b160c7bfc88d03921004e96b5e0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlxrf.exec:\rlxlxrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbh.exec:\nhntbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvvp.exec:\9dvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrrrr.exec:\ffxrrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhbbb.exec:\1hhbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvj.exec:\ppdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlxrrl.exec:\5rlxrrl.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\9nttnn.exec:\9nttnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxffxx.exec:\5fxffxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5btnhn.exec:\5btnhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbh.exec:\hbbbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvv.exec:\jjdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttt.exec:\bttttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddvp.exec:\9ddvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrllf.exec:\lfxrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnn.exec:\tbbtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrxxxx.exec:\1rrxxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbb.exec:\3nnhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\1djjv.exec:\1djjv.exe25⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe26⤵
- Executes dropped EXE
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\ttbtbb.exec:\ttbtbb.exe28⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe29⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe31⤵
- Executes dropped EXE
-
\??\c:\3xxxrrl.exec:\3xxxrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\tbbnbt.exec:\tbbnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\9bbbtb.exec:\9bbbtb.exe39⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe42⤵
- Executes dropped EXE
-
\??\c:\fllffxx.exec:\fllffxx.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrlrrl.exec:\lfrlrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\7bhbhb.exec:\7bhbhb.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\djdpp.exec:\djdpp.exe47⤵
- Executes dropped EXE
-
\??\c:\5ppvj.exec:\5ppvj.exe48⤵
- Executes dropped EXE
-
\??\c:\llrrlll.exec:\llrrlll.exe49⤵
- Executes dropped EXE
-
\??\c:\frfxllx.exec:\frfxllx.exe50⤵
- Executes dropped EXE
-
\??\c:\thtbtn.exec:\thtbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\1jjdv.exec:\1jjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe53⤵
- Executes dropped EXE
-
\??\c:\1lrlllr.exec:\1lrlllr.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrlrlr.exec:\rfrlrlr.exe55⤵
- Executes dropped EXE
-
\??\c:\htbthh.exec:\htbthh.exe56⤵
- Executes dropped EXE
-
\??\c:\hnnhhh.exec:\hnnhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe58⤵
- Executes dropped EXE
-
\??\c:\rrffrfx.exec:\rrffrfx.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rrrrllf.exec:\rrrrllf.exe60⤵
- Executes dropped EXE
-
\??\c:\7nhhbb.exec:\7nhhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\1pvpd.exec:\1pvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\xflfrrl.exec:\xflfrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\flflfxr.exec:\flflfxr.exe65⤵
- Executes dropped EXE
-
\??\c:\thtthb.exec:\thtthb.exe66⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe67⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe68⤵
-
\??\c:\5fxxlll.exec:\5fxxlll.exe69⤵
-
\??\c:\llxrrrf.exec:\llxrrrf.exe70⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe71⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe72⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe73⤵
-
\??\c:\rfxrrrl.exec:\rfxrrrl.exe74⤵
-
\??\c:\nntntt.exec:\nntntt.exe75⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe76⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe77⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe78⤵
-
\??\c:\djjdd.exec:\djjdd.exe79⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe80⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe81⤵
-
\??\c:\7bhhbb.exec:\7bhhbb.exe82⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe83⤵
-
\??\c:\xxxrlrr.exec:\xxxrlrr.exe84⤵
-
\??\c:\xlfxrfx.exec:\xlfxrfx.exe85⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe86⤵
-
\??\c:\jddvj.exec:\jddvj.exe87⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe88⤵
-
\??\c:\5fxrffx.exec:\5fxrffx.exe89⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe90⤵
-
\??\c:\tntnht.exec:\tntnht.exe91⤵
-
\??\c:\bnthnn.exec:\bnthnn.exe92⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe93⤵
-
\??\c:\lllfrrr.exec:\lllfrrr.exe94⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe95⤵
-
\??\c:\bnnhtb.exec:\bnnhtb.exe96⤵
-
\??\c:\djjjd.exec:\djjjd.exe97⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe98⤵
-
\??\c:\flffrxr.exec:\flffrxr.exe99⤵
-
\??\c:\llfflll.exec:\llfflll.exe100⤵
-
\??\c:\bntntn.exec:\bntntn.exe101⤵
-
\??\c:\btbttt.exec:\btbttt.exe102⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe103⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe104⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe105⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe106⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe107⤵
-
\??\c:\7xfxllr.exec:\7xfxllr.exe108⤵
-
\??\c:\xfrxrlr.exec:\xfrxrlr.exe109⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe110⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe111⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe112⤵
-
\??\c:\xfxrrrf.exec:\xfxrrrf.exe113⤵
-
\??\c:\lfllfll.exec:\lfllfll.exe114⤵
-
\??\c:\3hbbth.exec:\3hbbth.exe115⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe116⤵
-
\??\c:\1pdpj.exec:\1pdpj.exe117⤵
-
\??\c:\7pvvv.exec:\7pvvv.exe118⤵
-
\??\c:\lfxrlfr.exec:\lfxrlfr.exe119⤵
-
\??\c:\xrxrfxf.exec:\xrxrfxf.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnntnt.exec:\tnntnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-