Analysis
-
max time kernel
120s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07-09-2024 04:31
General
-
Target
6f8d2ec8f015ebf2ffd47a5661b883a0N.exe
-
Size
64KB
-
MD5
6f8d2ec8f015ebf2ffd47a5661b883a0
-
SHA1
85dbcc238069a0ffa892167b9e71fe66d4c962eb
-
SHA256
d93e9ea22c67c8a0d974c435e5aac21679247d607fa54eb8cb2831aca08bf0c2
-
SHA512
167f7e1f6ed61d5123aa4687c4a26dd5efaa660ca3513570fb72677cc024bd9a0683c5ec300e6539a7a7f8615e0c646deb859c9bf7ddd5e54ed07c0674f87fa0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Cz:ymb3NkkiQ3mdBjFI9jz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6f8d2ec8f015ebf2ffd47a5661b883a0N.exe"C:\Users\Admin\AppData\Local\Temp\6f8d2ec8f015ebf2ffd47a5661b883a0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvjd.exec:\3dvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrflll.exec:\9lrflll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhtnh.exec:\tbhtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhhb.exec:\nbnhhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjj.exec:\pppjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbnhb.exec:\5hbnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdv.exec:\vdpdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrffx.exec:\flxrffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbnh.exec:\nhnbnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxfr.exec:\llrlxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flfffx.exec:\7flfffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhbtn.exec:\1hhbtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpjv.exec:\9jpjv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlrxxr.exec:\5xlrxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxrlfx.exec:\1rxrlfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjv.exec:\vdvjv.exe23⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\lrfrfrx.exec:\lrfrfrx.exe25⤵
- Executes dropped EXE
-
\??\c:\xxxrlrl.exec:\xxxrlrl.exe26⤵
- Executes dropped EXE
-
\??\c:\7htnbb.exec:\7htnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe28⤵
- Executes dropped EXE
-
\??\c:\jpdjj.exec:\jpdjj.exe29⤵
- Executes dropped EXE
-
\??\c:\llxxxff.exec:\llxxxff.exe30⤵
- Executes dropped EXE
-
\??\c:\bhnbnh.exec:\bhnbnh.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbnbt.exec:\nhbnbt.exe32⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe34⤵
- Executes dropped EXE
-
\??\c:\1fxrfxl.exec:\1fxrfxl.exe35⤵
- Executes dropped EXE
-
\??\c:\frrfrlf.exec:\frrfrlf.exe36⤵
- Executes dropped EXE
-
\??\c:\9bbhtt.exec:\9bbhtt.exe37⤵
- Executes dropped EXE
-
\??\c:\5bbnbt.exec:\5bbnbt.exe38⤵
- Executes dropped EXE
-
\??\c:\5pjpd.exec:\5pjpd.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe40⤵
- Executes dropped EXE
-
\??\c:\9rlfxxr.exec:\9rlfxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\frlfrlf.exec:\frlfrlf.exe42⤵
- Executes dropped EXE
-
\??\c:\9hhtht.exec:\9hhtht.exe43⤵
- Executes dropped EXE
-
\??\c:\1nnhhb.exec:\1nnhhb.exe44⤵
- Executes dropped EXE
-
\??\c:\tttnhb.exec:\tttnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe46⤵
- Executes dropped EXE
-
\??\c:\vjdvd.exec:\vjdvd.exe47⤵
- Executes dropped EXE
-
\??\c:\pppdp.exec:\pppdp.exe48⤵
- Executes dropped EXE
-
\??\c:\lfrrflf.exec:\lfrrflf.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe50⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe51⤵
- Executes dropped EXE
-
\??\c:\bhhtbt.exec:\bhhtbt.exe52⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe53⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe54⤵
- Executes dropped EXE
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\hnhtnh.exec:\hnhtnh.exe56⤵
- Executes dropped EXE
-
\??\c:\hbthnh.exec:\hbthnh.exe57⤵
- Executes dropped EXE
-
\??\c:\5bthnh.exec:\5bthnh.exe58⤵
- Executes dropped EXE
-
\??\c:\vdpdj.exec:\vdpdj.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe60⤵
- Executes dropped EXE
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe62⤵
- Executes dropped EXE
-
\??\c:\1nnhtt.exec:\1nnhtt.exe63⤵
- Executes dropped EXE
-
\??\c:\3nnhtn.exec:\3nnhtn.exe64⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvjp.exec:\vvvjp.exe66⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe67⤵
-
\??\c:\3rllffx.exec:\3rllffx.exe68⤵
-
\??\c:\fllfllf.exec:\fllfllf.exe69⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe70⤵
-
\??\c:\7nntbt.exec:\7nntbt.exe71⤵
-
\??\c:\9dvjv.exec:\9dvjv.exe72⤵
-
\??\c:\lxlrlff.exec:\lxlrlff.exe73⤵
-
\??\c:\xxffrlr.exec:\xxffrlr.exe74⤵
-
\??\c:\1bhbhb.exec:\1bhbhb.exe75⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe76⤵
-
\??\c:\9vjvp.exec:\9vjvp.exe77⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe78⤵
-
\??\c:\7rxxlrf.exec:\7rxxlrf.exe79⤵
-
\??\c:\1nhtnh.exec:\1nhtnh.exe80⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe81⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe82⤵
-
\??\c:\7vvjv.exec:\7vvjv.exe83⤵
-
\??\c:\3xxrlfr.exec:\3xxrlfr.exe84⤵
-
\??\c:\lrrfxlf.exec:\lrrfxlf.exe85⤵
-
\??\c:\1nnthb.exec:\1nnthb.exe86⤵
-
\??\c:\nhhtbb.exec:\nhhtbb.exe87⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe88⤵
-
\??\c:\5fflfrf.exec:\5fflfrf.exe89⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe90⤵
-
\??\c:\tbbhnh.exec:\tbbhnh.exe91⤵
-
\??\c:\7dpdp.exec:\7dpdp.exe92⤵
-
\??\c:\rrrflfx.exec:\rrrflfx.exe93⤵
-
\??\c:\lfffxrf.exec:\lfffxrf.exe94⤵
-
\??\c:\fxlxrfx.exec:\fxlxrfx.exe95⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe96⤵
-
\??\c:\7ffrllx.exec:\7ffrllx.exe97⤵
-
\??\c:\xlflxfr.exec:\xlflxfr.exe98⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe99⤵
-
\??\c:\1tthnn.exec:\1tthnn.exe100⤵
-
\??\c:\nttbht.exec:\nttbht.exe101⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe102⤵
-
\??\c:\xrffllf.exec:\xrffllf.exe103⤵
-
\??\c:\xllxrlf.exec:\xllxrlf.exe104⤵
-
\??\c:\hbhtbt.exec:\hbhtbt.exe105⤵
-
\??\c:\pppvd.exec:\pppvd.exe106⤵
-
\??\c:\9lrfrll.exec:\9lrfrll.exe107⤵
-
\??\c:\btthtn.exec:\btthtn.exe108⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe109⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe110⤵
-
\??\c:\fffrfxl.exec:\fffrfxl.exe111⤵
-
\??\c:\1nnhnh.exec:\1nnhnh.exe112⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe113⤵
-
\??\c:\djvpd.exec:\djvpd.exe114⤵
-
\??\c:\3fxxrxl.exec:\3fxxrxl.exe115⤵
-
\??\c:\1hnbnh.exec:\1hnbnh.exe116⤵
-
\??\c:\nhnhtn.exec:\nhnhtn.exe117⤵
-
\??\c:\5ppdd.exec:\5ppdd.exe118⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe119⤵
-
\??\c:\xflfxfx.exec:\xflfxfx.exe120⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-