Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
07/09/2024, 18:22
General
-
Target
060391c7188c22580ae9278525b6a427746c4629cdf5c393f6e2b5d24f585c60.exe
-
Size
64KB
-
MD5
b4988fec4542896684d24990aef04412
-
SHA1
e98f6dcd7121bbf51cbdea53418d1acd647a1ae7
-
SHA256
060391c7188c22580ae9278525b6a427746c4629cdf5c393f6e2b5d24f585c60
-
SHA512
6eaeb84effff8c600c8751bd45843e635f330380ded234ae149a3e5ff19eceb6b239125de2eaf5a61e4be374539fb1a2fdfb74a1c510b98d203392bdffce6ebd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27mS:ymb3NkkiQ3mdBjFI9W
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\060391c7188c22580ae9278525b6a427746c4629cdf5c393f6e2b5d24f585c60.exe"C:\Users\Admin\AppData\Local\Temp\060391c7188c22580ae9278525b6a427746c4629cdf5c393f6e2b5d24f585c60.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5xllrrf.exec:\5xllrrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhnbb.exec:\5nhnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflxfr.exec:\rlflxfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxffr.exec:\5lxxffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnt.exec:\bttbnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpv.exec:\vvjpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjj.exec:\vvdjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrxlr.exec:\xxlrxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnn.exec:\ttnbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthn.exec:\btnthn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjv.exec:\jdjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrxl.exec:\lllxrxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjj.exec:\vjjjj.exe17⤵
- Executes dropped EXE
-
\??\c:\5rrllrx.exec:\5rrllrx.exe18⤵
- Executes dropped EXE
-
\??\c:\tbhhnb.exec:\tbhhnb.exe19⤵
- Executes dropped EXE
-
\??\c:\tththb.exec:\tththb.exe20⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe21⤵
- Executes dropped EXE
-
\??\c:\3xrlrrx.exec:\3xrlrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\7fxlxxr.exec:\7fxlxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\tbbhtn.exec:\tbbhtn.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe26⤵
- Executes dropped EXE
-
\??\c:\3frrrrr.exec:\3frrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\9hnttt.exec:\9hnttt.exe28⤵
- Executes dropped EXE
-
\??\c:\btntnn.exec:\btntnn.exe29⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe30⤵
- Executes dropped EXE
-
\??\c:\5rxlxff.exec:\5rxlxff.exe31⤵
- Executes dropped EXE
-
\??\c:\3fxfrxr.exec:\3fxfrxr.exe32⤵
- Executes dropped EXE
-
\??\c:\bnhhtn.exec:\bnhhtn.exe33⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe35⤵
- Executes dropped EXE
-
\??\c:\lfrfllr.exec:\lfrfllr.exe36⤵
- Executes dropped EXE
-
\??\c:\tntbbh.exec:\tntbbh.exe37⤵
- Executes dropped EXE
-
\??\c:\nnbhth.exec:\nnbhth.exe38⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe39⤵
- Executes dropped EXE
-
\??\c:\5pddp.exec:\5pddp.exe40⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\lfxxflr.exec:\lfxxflr.exe42⤵
- Executes dropped EXE
-
\??\c:\xfffffr.exec:\xfffffr.exe43⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe44⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe45⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe46⤵
- Executes dropped EXE
-
\??\c:\7ffrlll.exec:\7ffrlll.exe47⤵
- Executes dropped EXE
-
\??\c:\hnnttn.exec:\hnnttn.exe48⤵
- Executes dropped EXE
-
\??\c:\tbnttb.exec:\tbnttb.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\xxflxxx.exec:\xxflxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\9hhhhb.exec:\9hhhhb.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe55⤵
- Executes dropped EXE
-
\??\c:\9dpjp.exec:\9dpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\9dddj.exec:\9dddj.exe57⤵
- Executes dropped EXE
-
\??\c:\fxlrfff.exec:\fxlrfff.exe58⤵
- Executes dropped EXE
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tbbnhn.exec:\tbbnhn.exe60⤵
- Executes dropped EXE
-
\??\c:\7ppvv.exec:\7ppvv.exe61⤵
- Executes dropped EXE
-
\??\c:\pvvjj.exec:\pvvjj.exe62⤵
- Executes dropped EXE
-
\??\c:\rfrxffl.exec:\rfrxffl.exe63⤵
- Executes dropped EXE
-
\??\c:\lffrflx.exec:\lffrflx.exe64⤵
- Executes dropped EXE
-
\??\c:\htttbb.exec:\htttbb.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe66⤵
-
\??\c:\1vvdj.exec:\1vvdj.exe67⤵
-
\??\c:\dddjd.exec:\dddjd.exe68⤵
-
\??\c:\rfllxrx.exec:\rfllxrx.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rxxllff.exec:\rxxllff.exe70⤵
-
\??\c:\9hnntn.exec:\9hnntn.exe71⤵
-
\??\c:\bnnbhb.exec:\bnnbhb.exe72⤵
-
\??\c:\1djpp.exec:\1djpp.exe73⤵
-
\??\c:\lxlfrfl.exec:\lxlfrfl.exe74⤵
-
\??\c:\5rlrflr.exec:\5rlrflr.exe75⤵
-
\??\c:\3hnbhn.exec:\3hnbhn.exe76⤵
-
\??\c:\nbbhnt.exec:\nbbhnt.exe77⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe78⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe79⤵
-
\??\c:\9frrxrx.exec:\9frrxrx.exe80⤵
-
\??\c:\fxxxllx.exec:\fxxxllx.exe81⤵
-
\??\c:\hntbhh.exec:\hntbhh.exe82⤵
-
\??\c:\bntbnn.exec:\bntbnn.exe83⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe84⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe85⤵
-
\??\c:\xfxlrll.exec:\xfxlrll.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9frrrrf.exec:\9frrrrf.exe87⤵
-
\??\c:\nbnbnh.exec:\nbnbnh.exe88⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe89⤵
-
\??\c:\jjppv.exec:\jjppv.exe90⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe91⤵
-
\??\c:\1lrfxrr.exec:\1lrfxrr.exe92⤵
-
\??\c:\lxlxflr.exec:\lxlxflr.exe93⤵
-
\??\c:\rfrfrrf.exec:\rfrfrrf.exe94⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe95⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe96⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe97⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe98⤵
-
\??\c:\5xllrrf.exec:\5xllrrf.exe99⤵
-
\??\c:\frxxxrx.exec:\frxxxrx.exe100⤵
-
\??\c:\nbbhnn.exec:\nbbhnn.exe101⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe102⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe103⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe104⤵
-
\??\c:\fxllrxl.exec:\fxllrxl.exe105⤵
-
\??\c:\lrxllxx.exec:\lrxllxx.exe106⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe107⤵
-
\??\c:\nbthbh.exec:\nbthbh.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjvvd.exec:\pjvvd.exe109⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe110⤵
-
\??\c:\3xxrxxl.exec:\3xxrxxl.exe111⤵
-
\??\c:\rfffllr.exec:\rfffllr.exe112⤵
-
\??\c:\btnnnb.exec:\btnnnb.exe113⤵
-
\??\c:\tnbhht.exec:\tnbhht.exe114⤵
-
\??\c:\5jppv.exec:\5jppv.exe115⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe116⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe117⤵
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe118⤵
-
\??\c:\lflfrxl.exec:\lflfrxl.exe119⤵
-
\??\c:\7bbhth.exec:\7bbhth.exe120⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-