Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07-09-2024 23:41
General
-
Target
87d50aacbbe4d5c0e8c3bbcd6506cdb68b3332541f293f31821f40306ba6efca.exe
-
Size
64KB
-
MD5
b833f628d7526528d79486cda269e83a
-
SHA1
9cd91da3588ddedd772226b231856e0c0b9ae55d
-
SHA256
87d50aacbbe4d5c0e8c3bbcd6506cdb68b3332541f293f31821f40306ba6efca
-
SHA512
311eeb8cacd338fdb907299c1cc1f7f6bff6fffee41e335270c9acc615dcb190e31d722b4e022afc33dc9ecd0362e0d18e5d04ff742111c82e30bf28f4bc165b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L271:ymb3NkkiQ3mdBjFI9w
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\87d50aacbbe4d5c0e8c3bbcd6506cdb68b3332541f293f31821f40306ba6efca.exe"C:\Users\Admin\AppData\Local\Temp\87d50aacbbe4d5c0e8c3bbcd6506cdb68b3332541f293f31821f40306ba6efca.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrxfr.exec:\rfxrxfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvv.exec:\vjdvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxrff.exec:\rrrxrff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnn.exec:\nhbtnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdd.exec:\jdpdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbnbt.exec:\5nbnbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjv.exec:\jdvjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxfxf.exec:\lffxfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrrrl.exec:\xrfrrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrlxr.exec:\lffrlxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbnnh.exec:\hnbnnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvd.exec:\ddjvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrll.exec:\fxlfrll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnntnn.exec:\nnntnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppv.exec:\ppppv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhh.exec:\bbbhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjv.exec:\dppjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vppv.exec:\7vppv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxrf.exec:\rfffxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\ttnhtn.exec:\ttnhtn.exe24⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe25⤵
- Executes dropped EXE
-
\??\c:\xfrlxff.exec:\xfrlxff.exe26⤵
- Executes dropped EXE
-
\??\c:\ntntht.exec:\ntntht.exe27⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\xxllfxx.exec:\xxllfxx.exe29⤵
- Executes dropped EXE
-
\??\c:\tbbtnn.exec:\tbbtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\bnhthh.exec:\bnhthh.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe32⤵
- Executes dropped EXE
-
\??\c:\rrrfxxr.exec:\rrrfxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhbbn.exec:\bnhbbn.exe34⤵
- Executes dropped EXE
-
\??\c:\httnnh.exec:\httnnh.exe35⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe36⤵
- Executes dropped EXE
-
\??\c:\lxxrllr.exec:\lxxrllr.exe37⤵
- Executes dropped EXE
-
\??\c:\xxflfxr.exec:\xxflfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\1nbtnb.exec:\1nbtnb.exe39⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe40⤵
- Executes dropped EXE
-
\??\c:\5djdj.exec:\5djdj.exe41⤵
- Executes dropped EXE
-
\??\c:\5xfrxfx.exec:\5xfrxfx.exe42⤵
- Executes dropped EXE
-
\??\c:\tttbtb.exec:\tttbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\nbbtnt.exec:\nbbtnt.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe45⤵
- Executes dropped EXE
-
\??\c:\rrfrxlx.exec:\rrfrxlx.exe46⤵
- Executes dropped EXE
-
\??\c:\htbhnh.exec:\htbhnh.exe47⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe49⤵
- Executes dropped EXE
-
\??\c:\flflrrf.exec:\flflrrf.exe50⤵
- Executes dropped EXE
-
\??\c:\nhhntt.exec:\nhhntt.exe51⤵
- Executes dropped EXE
-
\??\c:\jppdj.exec:\jppdj.exe52⤵
- Executes dropped EXE
-
\??\c:\flfllll.exec:\flfllll.exe53⤵
- Executes dropped EXE
-
\??\c:\1xlllxl.exec:\1xlllxl.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe55⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe56⤵
- Executes dropped EXE
-
\??\c:\flxfrxl.exec:\flxfrxl.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe58⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe59⤵
- Executes dropped EXE
-
\??\c:\lfllxll.exec:\lfllxll.exe60⤵
- Executes dropped EXE
-
\??\c:\rflrrrl.exec:\rflrrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\tbhbbb.exec:\tbhbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrxfll.exec:\xxrxfll.exe64⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\3nnhbb.exec:\3nnhbb.exe66⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe67⤵
-
\??\c:\lxlffxr.exec:\lxlffxr.exe68⤵
-
\??\c:\frxrllx.exec:\frxrllx.exe69⤵
-
\??\c:\hthtbn.exec:\hthtbn.exe70⤵
-
\??\c:\9pddv.exec:\9pddv.exe71⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe72⤵
-
\??\c:\frfrlfx.exec:\frfrlfx.exe73⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe74⤵
-
\??\c:\vjppv.exec:\vjppv.exe75⤵
-
\??\c:\3jvdv.exec:\3jvdv.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rllxrlf.exec:\rllxrlf.exe77⤵
-
\??\c:\httnnh.exec:\httnnh.exe78⤵
-
\??\c:\5hnnnn.exec:\5hnnnn.exe79⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe80⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe81⤵
-
\??\c:\rfllfxr.exec:\rfllfxr.exe82⤵
-
\??\c:\nbnttn.exec:\nbnttn.exe83⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe84⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe85⤵
-
\??\c:\xlrxllx.exec:\xlrxllx.exe86⤵
-
\??\c:\lfxrfxx.exec:\lfxrfxx.exe87⤵
-
\??\c:\7thhbb.exec:\7thhbb.exe88⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe89⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe90⤵
-
\??\c:\xrffllf.exec:\xrffllf.exe91⤵
-
\??\c:\5btnnh.exec:\5btnnh.exe92⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe93⤵
-
\??\c:\jpdpv.exec:\jpdpv.exe94⤵
-
\??\c:\frxrfxr.exec:\frxrfxr.exe95⤵
-
\??\c:\lrrfrxr.exec:\lrrfrxr.exe96⤵
-
\??\c:\tnbbtn.exec:\tnbbtn.exe97⤵
-
\??\c:\jppvj.exec:\jppvj.exe98⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe99⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe100⤵
-
\??\c:\dppjj.exec:\dppjj.exe101⤵
-
\??\c:\7lrlffx.exec:\7lrlffx.exe102⤵
-
\??\c:\lflrrxx.exec:\lflrrxx.exe103⤵
-
\??\c:\9bhhtn.exec:\9bhhtn.exe104⤵
-
\??\c:\hbbhhb.exec:\hbbhhb.exe105⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe106⤵
-
\??\c:\rrxrlxr.exec:\rrxrlxr.exe107⤵
-
\??\c:\rrllrxf.exec:\rrllrxf.exe108⤵
-
\??\c:\7nbbbn.exec:\7nbbbn.exe109⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe110⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe111⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe112⤵
-
\??\c:\fxfxffx.exec:\fxfxffx.exe113⤵
-
\??\c:\ttntbn.exec:\ttntbn.exe114⤵
-
\??\c:\nnnhnb.exec:\nnnhnb.exe115⤵
-
\??\c:\3djdd.exec:\3djdd.exe116⤵
-
\??\c:\rxxfxfl.exec:\rxxfxfl.exe117⤵
-
\??\c:\5rffxxf.exec:\5rffxxf.exe118⤵
-
\??\c:\nththb.exec:\nththb.exe119⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe120⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-