Analysis
-
max time kernel
120s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07/09/2024, 20:14
General
-
Target
5eba13d7401d55d653a22f71f988b3d0N.exe
-
Size
67KB
-
MD5
5eba13d7401d55d653a22f71f988b3d0
-
SHA1
848e2559b1a8fbdfcadb91fbe038ccf4e4f482d9
-
SHA256
fb19a47d4f412ade50a2dc9a01aeee81204300e5304732627296de2860d77f04
-
SHA512
bc981e830c3fa45265bb77a7be1381224229202031b46ca5b8e3fe07343b7be076397e29be5d522a573dc3b29b8930b9d8b322a6aadc289a6c3e0f3a86f4e2b9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27BqfCe:ymb3NkkiQ3mdBjFI9cqfN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5eba13d7401d55d653a22f71f988b3d0N.exe"C:\Users\Admin\AppData\Local\Temp\5eba13d7401d55d653a22f71f988b3d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxflx.exec:\rrxxflx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxllfx.exec:\xxxllfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxfff.exec:\rfxxfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhhh.exec:\3hhhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbbh.exec:\nntbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjj.exec:\jddjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxlll.exec:\xxxxlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbt.exec:\hhhbbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlfff.exec:\xxrlfff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxrxx.exec:\5lxxrxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflxxx.exec:\frflxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfxrlx.exec:\5xfxrlx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtt.exec:\bnhbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthbt.exec:\ntthbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrxxl.exec:\fxxrxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\fxfxffl.exec:\fxfxffl.exe24⤵
- Executes dropped EXE
-
\??\c:\bhnnnh.exec:\bhnnnh.exe25⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe26⤵
- Executes dropped EXE
-
\??\c:\xxlrflr.exec:\xxlrflr.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\frllfrf.exec:\frllfrf.exe29⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe32⤵
- Executes dropped EXE
-
\??\c:\7bbbth.exec:\7bbbth.exe33⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe34⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\lflxxrx.exec:\lflxxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\1xxxrrl.exec:\1xxxrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\lflrrfx.exec:\lflrrfx.exe38⤵
- Executes dropped EXE
-
\??\c:\5bhhht.exec:\5bhhht.exe39⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe42⤵
- Executes dropped EXE
-
\??\c:\5flflll.exec:\5flflll.exe43⤵
- Executes dropped EXE
-
\??\c:\1xxrlfx.exec:\1xxrlfx.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxrlll.exec:\rlxrlll.exe45⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\tbtnht.exec:\tbtnht.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\rxxrffx.exec:\rxxrffx.exe50⤵
- Executes dropped EXE
-
\??\c:\rffflrl.exec:\rffflrl.exe51⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\3nntnn.exec:\3nntnn.exe53⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe54⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe56⤵
- Executes dropped EXE
-
\??\c:\lffrlxx.exec:\lffrlxx.exe57⤵
- Executes dropped EXE
-
\??\c:\lflffxx.exec:\lflffxx.exe58⤵
- Executes dropped EXE
-
\??\c:\btnhnb.exec:\btnhnb.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhbnn.exec:\tbhbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe62⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe63⤵
- Executes dropped EXE
-
\??\c:\rxxlxlf.exec:\rxxlxlf.exe64⤵
- Executes dropped EXE
-
\??\c:\llfxxrx.exec:\llfxxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe66⤵
-
\??\c:\bbthht.exec:\bbthht.exe67⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe68⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe69⤵
-
\??\c:\lrxxrlf.exec:\lrxxrlf.exe70⤵
-
\??\c:\rrxflrx.exec:\rrxflrx.exe71⤵
-
\??\c:\5hhbbb.exec:\5hhbbb.exe72⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe73⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe74⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe75⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe76⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe77⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe78⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe79⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe80⤵
-
\??\c:\pddvp.exec:\pddvp.exe81⤵
-
\??\c:\rrxrfff.exec:\rrxrfff.exe82⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe83⤵
-
\??\c:\rlffxrl.exec:\rlffxrl.exe84⤵
-
\??\c:\1bhbnh.exec:\1bhbnh.exe85⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe86⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe87⤵
-
\??\c:\rfxrffr.exec:\rfxrffr.exe88⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe89⤵
-
\??\c:\ththhn.exec:\ththhn.exe90⤵
-
\??\c:\vddvj.exec:\vddvj.exe91⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe92⤵
-
\??\c:\frlfrrl.exec:\frlfrrl.exe93⤵
-
\??\c:\rllflfr.exec:\rllflfr.exe94⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe95⤵
-
\??\c:\tbbhtt.exec:\tbbhtt.exe96⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe97⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe98⤵
-
\??\c:\1rrrffx.exec:\1rrrffx.exe99⤵
-
\??\c:\tnhbhb.exec:\tnhbhb.exe100⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe101⤵
-
\??\c:\7dddd.exec:\7dddd.exe102⤵
-
\??\c:\xxxrffx.exec:\xxxrffx.exe103⤵
-
\??\c:\3llxxxr.exec:\3llxxxr.exe104⤵
-
\??\c:\5nnhbt.exec:\5nnhbt.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhntnh.exec:\bhntnh.exe106⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe107⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe108⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe109⤵
-
\??\c:\7rlfxrl.exec:\7rlfxrl.exe110⤵
-
\??\c:\hbttnh.exec:\hbttnh.exe111⤵
-
\??\c:\5tbthh.exec:\5tbthh.exe112⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe113⤵
-
\??\c:\vppjd.exec:\vppjd.exe114⤵
-
\??\c:\xrxrrxr.exec:\xrxrrxr.exe115⤵
-
\??\c:\fflfxrl.exec:\fflfxrl.exe116⤵
-
\??\c:\5bhhhn.exec:\5bhhhn.exe117⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe118⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe119⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe120⤵
-
\??\c:\xxlfrrl.exec:\xxlfrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-