Analysis
-
max time kernel
120s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07-09-2024 22:05
General
-
Target
db1e03fa390f2aecbb5862318d6cda60N.exe
-
Size
82KB
-
MD5
db1e03fa390f2aecbb5862318d6cda60
-
SHA1
7a0d75492148cd9724300f91a5d39792d51c9519
-
SHA256
c123e2d3e7a3a6ff937f3e1646afdc14cf1ad55a088cfc86734c5efa41df822f
-
SHA512
573f6306678b9df5a493fa3e1932461478448eb4084778daa4aae99036faafdd42d722a999fa2dc2b90e603d5cb743c64fb81c8c35df0557600da18fb9d2e46d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Qj:ymb3NkkiQ3mdBjFIIp9L9QrrA8G
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\db1e03fa390f2aecbb5862318d6cda60N.exe"C:\Users\Admin\AppData\Local\Temp\db1e03fa390f2aecbb5862318d6cda60N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvd.exec:\pvdvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrrll.exec:\rxfrrll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbttn.exec:\bbbttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjj.exec:\pppjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppj.exec:\ddppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxlrl.exec:\lxxxlrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbtnn.exec:\1bbtnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrflff.exec:\xrrflff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhhh.exec:\nbnhhh.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlffx.exec:\fxxlffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnbh.exec:\bnbnbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfllx.exec:\ffrfllx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtn.exec:\nbbbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdv.exec:\vjvdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxxx.exec:\xlxxxxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnhh.exec:\bbhnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntbb.exec:\tnntbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe23⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\frfllrr.exec:\frfllrr.exe24⤵
- Executes dropped EXE
-
\??\c:\htnntb.exec:\htnntb.exe25⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe26⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe27⤵
- Executes dropped EXE
-
\??\c:\rlfrrrl.exec:\rlfrrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe29⤵
- Executes dropped EXE
-
\??\c:\lrxrfff.exec:\lrxrfff.exe30⤵
- Executes dropped EXE
-
\??\c:\hbnhnh.exec:\hbnhnh.exe31⤵
- Executes dropped EXE
-
\??\c:\dppvj.exec:\dppvj.exe32⤵
- Executes dropped EXE
-
\??\c:\rlrllll.exec:\rlrllll.exe33⤵
- Executes dropped EXE
-
\??\c:\htbnnn.exec:\htbnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\3vvvp.exec:\3vvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\7rxrrrr.exec:\7rxrrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\1tbttt.exec:\1tbttt.exe37⤵
- Executes dropped EXE
-
\??\c:\btnbtn.exec:\btnbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe39⤵
- Executes dropped EXE
-
\??\c:\ffrrllf.exec:\ffrrllf.exe40⤵
- Executes dropped EXE
-
\??\c:\rllfxfx.exec:\rllfxfx.exe41⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe42⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe44⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe45⤵
- Executes dropped EXE
-
\??\c:\ntbhth.exec:\ntbhth.exe46⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe47⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe48⤵
- Executes dropped EXE
-
\??\c:\xllfxxx.exec:\xllfxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\1thbhh.exec:\1thbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\7ppdv.exec:\7ppdv.exe52⤵
- Executes dropped EXE
-
\??\c:\xffxfll.exec:\xffxfll.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbtnh.exec:\tnbtnh.exe54⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe56⤵
- Executes dropped EXE
-
\??\c:\xrlxrfl.exec:\xrlxrfl.exe57⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe60⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe61⤵
- Executes dropped EXE
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\xxxxfff.exec:\xxxxfff.exe63⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\vvdpp.exec:\vvdpp.exe65⤵
- Executes dropped EXE
-
\??\c:\lffxrfx.exec:\lffxrfx.exe66⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe67⤵
-
\??\c:\1btbtb.exec:\1btbtb.exe68⤵
-
\??\c:\jppjv.exec:\jppjv.exe69⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe70⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe71⤵
-
\??\c:\hhbbth.exec:\hhbbth.exe72⤵
-
\??\c:\nnbhbh.exec:\nnbhbh.exe73⤵
-
\??\c:\pvdjv.exec:\pvdjv.exe74⤵
-
\??\c:\xlllfrx.exec:\xlllfrx.exe75⤵
-
\??\c:\lxxfxxx.exec:\lxxfxxx.exe76⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe77⤵
-
\??\c:\jppjv.exec:\jppjv.exe78⤵
-
\??\c:\djvjp.exec:\djvjp.exe79⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe80⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe81⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe82⤵
-
\??\c:\lxrfrfr.exec:\lxrfrfr.exe83⤵
-
\??\c:\xrlflfl.exec:\xrlflfl.exe84⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe85⤵
-
\??\c:\pddpj.exec:\pddpj.exe86⤵
-
\??\c:\fllrflr.exec:\fllrflr.exe87⤵
-
\??\c:\nttttt.exec:\nttttt.exe88⤵
-
\??\c:\nthtnb.exec:\nthtnb.exe89⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe90⤵
-
\??\c:\xfxfrlx.exec:\xfxfrlx.exe91⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe92⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe93⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe94⤵
-
\??\c:\lrxxlrx.exec:\lrxxlrx.exe95⤵
-
\??\c:\tntttt.exec:\tntttt.exe96⤵
-
\??\c:\nthhtt.exec:\nthhtt.exe97⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe98⤵
-
\??\c:\lllfrrr.exec:\lllfrrr.exe99⤵
-
\??\c:\lxllllf.exec:\lxllllf.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bntnnn.exec:\bntnnn.exe101⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe102⤵
-
\??\c:\rxllrlr.exec:\rxllrlr.exe103⤵
-
\??\c:\5rxxffr.exec:\5rxxffr.exe104⤵
-
\??\c:\nnhhbt.exec:\nnhhbt.exe105⤵
-
\??\c:\xxxrxrr.exec:\xxxrxrr.exe106⤵
-
\??\c:\tbnbnh.exec:\tbnbnh.exe107⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe108⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe109⤵
-
\??\c:\fxxrffl.exec:\fxxrffl.exe110⤵
-
\??\c:\5dpjv.exec:\5dpjv.exe111⤵
-
\??\c:\pjddj.exec:\pjddj.exe112⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe113⤵
-
\??\c:\rxxlfxr.exec:\rxxlfxr.exe114⤵
-
\??\c:\hthttb.exec:\hthttb.exe115⤵
-
\??\c:\bhhtbt.exec:\bhhtbt.exe116⤵
-
\??\c:\djjvd.exec:\djjvd.exe117⤵
-
\??\c:\lrrxrlf.exec:\lrrxrlf.exe118⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe119⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe120⤵
-
\??\c:\xrxxrfl.exec:\xrxxrfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-