Analysis
-
max time kernel
150s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07-09-2024 21:57
General
-
Target
59f472db4e131e4e644497840a1d2c0fea1557dab2de620e0d6f437b90d4d964.exe
-
Size
106KB
-
MD5
c670a3012341143aa2ceb3fd8aa54400
-
SHA1
fb5b81271c13e3e640af0fa7eddc8e0cd18f9efb
-
SHA256
59f472db4e131e4e644497840a1d2c0fea1557dab2de620e0d6f437b90d4d964
-
SHA512
3861c6461b016e102039af447654635dc6c92a57973ef20b7ac80322766f4a1bcf5c1098b33a6d47c0b6bbeaa7f6e3beffce0f9dd32852c5797b1ee4447c18cf
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+buwUGu3P3CmW:n3C9BRo7MlrWKVT+buBGu3PHW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\59f472db4e131e4e644497840a1d2c0fea1557dab2de620e0d6f437b90d4d964.exe"C:\Users\Admin\AppData\Local\Temp\59f472db4e131e4e644497840a1d2c0fea1557dab2de620e0d6f437b90d4d964.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrxrx.exec:\frxrxrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbnn.exec:\hnhbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbht.exec:\nntbht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbbbt.exec:\1hbbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpd.exec:\ppvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlxrf.exec:\rfxlxrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrf.exec:\fxfxxrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxrlf.exec:\xxxxrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnn.exec:\htbtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdvp.exec:\1vdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxxfr.exec:\lrrxxfr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnthb.exec:\nbnthb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpdj.exec:\5vpdj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbtn.exec:\hbnbtn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvjp.exec:\3vvjp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxlfx.exec:\rrfxlfx.exe23⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe24⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe26⤵
- Executes dropped EXE
-
\??\c:\rxflfxl.exec:\rxflfxl.exe27⤵
- Executes dropped EXE
-
\??\c:\thbttn.exec:\thbttn.exe28⤵
- Executes dropped EXE
-
\??\c:\tbbhth.exec:\tbbhth.exe29⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe30⤵
- Executes dropped EXE
-
\??\c:\xffrffr.exec:\xffrffr.exe31⤵
- Executes dropped EXE
-
\??\c:\5nnhbh.exec:\5nnhbh.exe32⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe33⤵
- Executes dropped EXE
-
\??\c:\vjpdp.exec:\vjpdp.exe34⤵
- Executes dropped EXE
-
\??\c:\lrfxfrf.exec:\lrfxfrf.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnnbt.exec:\bnnnbt.exe36⤵
-
\??\c:\3bnhtn.exec:\3bnhtn.exe37⤵
- Executes dropped EXE
-
\??\c:\7djdv.exec:\7djdv.exe38⤵
- Executes dropped EXE
-
\??\c:\1dvvd.exec:\1dvvd.exe39⤵
- Executes dropped EXE
-
\??\c:\fxfxlfr.exec:\fxfxlfr.exe40⤵
- Executes dropped EXE
-
\??\c:\ttthth.exec:\ttthth.exe41⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe42⤵
- Executes dropped EXE
-
\??\c:\jvvjj.exec:\jvvjj.exe43⤵
- Executes dropped EXE
-
\??\c:\3rrlxrl.exec:\3rrlxrl.exe44⤵
- Executes dropped EXE
-
\??\c:\bntbbh.exec:\bntbbh.exe45⤵
- Executes dropped EXE
-
\??\c:\tnthht.exec:\tnthht.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\frfffxf.exec:\frfffxf.exe48⤵
- Executes dropped EXE
-
\??\c:\nbbthb.exec:\nbbthb.exe49⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe50⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrxrll.exec:\ffrxrll.exe52⤵
- Executes dropped EXE
-
\??\c:\3btnbh.exec:\3btnbh.exe53⤵
- Executes dropped EXE
-
\??\c:\bnthbn.exec:\bnthbn.exe54⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe55⤵
- Executes dropped EXE
-
\??\c:\lrxlffx.exec:\lrxlffx.exe56⤵
- Executes dropped EXE
-
\??\c:\lrrrlxr.exec:\lrrrlxr.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbhth.exec:\nhbhth.exe58⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe59⤵
- Executes dropped EXE
-
\??\c:\lxfrfxr.exec:\lxfrfxr.exe60⤵
- Executes dropped EXE
-
\??\c:\xlrlxrl.exec:\xlrlxrl.exe61⤵
- Executes dropped EXE
-
\??\c:\bbbthb.exec:\bbbthb.exe62⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe64⤵
- Executes dropped EXE
-
\??\c:\rxxfxxx.exec:\rxxfxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\lflrlxx.exec:\lflrlxx.exe66⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe67⤵
-
\??\c:\3djvd.exec:\3djvd.exe68⤵
-
\??\c:\1ffrflf.exec:\1ffrflf.exe69⤵
-
\??\c:\tbtbbb.exec:\tbtbbb.exe70⤵
-
\??\c:\1tbtbn.exec:\1tbtbn.exe71⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe72⤵
-
\??\c:\frxrlxf.exec:\frxrlxf.exe73⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe74⤵
-
\??\c:\hhhbnt.exec:\hhhbnt.exe75⤵
-
\??\c:\dvppj.exec:\dvppj.exe76⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe77⤵
-
\??\c:\rxlxlfx.exec:\rxlxlfx.exe78⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe79⤵
-
\??\c:\3tbthh.exec:\3tbthh.exe80⤵
-
\??\c:\9nhnht.exec:\9nhnht.exe81⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe82⤵
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe83⤵
-
\??\c:\3llxlfx.exec:\3llxlfx.exe84⤵
-
\??\c:\9thbbt.exec:\9thbbt.exe85⤵
-
\??\c:\9nhbtt.exec:\9nhbtt.exe86⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe87⤵
-
\??\c:\lrlxrlx.exec:\lrlxrlx.exe88⤵
-
\??\c:\7xlllxx.exec:\7xlllxx.exe89⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe90⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe91⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe92⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe93⤵
-
\??\c:\nbbhht.exec:\nbbhht.exe94⤵
-
\??\c:\vvppj.exec:\vvppj.exe95⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe96⤵
-
\??\c:\xxxlflf.exec:\xxxlflf.exe97⤵
-
\??\c:\xrrxrxf.exec:\xrrxrxf.exe98⤵
-
\??\c:\5bbbtn.exec:\5bbbtn.exe99⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe100⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe101⤵
-
\??\c:\frlrffx.exec:\frlrffx.exe102⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe103⤵
-
\??\c:\llrrllr.exec:\llrrllr.exe104⤵
-
\??\c:\lffxxrx.exec:\lffxxrx.exe105⤵
-
\??\c:\tnbnbh.exec:\tnbnbh.exe106⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe107⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe108⤵
-
\??\c:\rfrxrlf.exec:\rfrxrlf.exe109⤵
-
\??\c:\9htnbb.exec:\9htnbb.exe110⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe111⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe112⤵
-
\??\c:\jjppv.exec:\jjppv.exe113⤵
-
\??\c:\rlllxxx.exec:\rlllxxx.exe114⤵
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe115⤵
-
\??\c:\hhbnnb.exec:\hhbnnb.exe116⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe117⤵
-
\??\c:\pppdv.exec:\pppdv.exe118⤵
-
\??\c:\flrrfrx.exec:\flrrfrx.exe119⤵
-
\??\c:\7tnntt.exec:\7tnntt.exe120⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-