Analysis
-
max time kernel
150s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07-09-2024 21:06
General
-
Target
4488288ba43f22dc6de1c25638c1e4e52454afa5795df8e8994a88119b7ae588.exe
-
Size
63KB
-
MD5
01ed081145016b0815622ffea253bdec
-
SHA1
459bf75133c4bbd502d907b5ca9472c39afb03e7
-
SHA256
4488288ba43f22dc6de1c25638c1e4e52454afa5795df8e8994a88119b7ae588
-
SHA512
97b279f59c94c62168ad825808bda79b3e5a9acae6a8116c5a0045e628dfea4820152d6f02bf5ef27c3a1089d4dc1c8c9e8e42fd4f7977c384db50e62325430d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbW:ymb3NkkiQ3mdBjF0y7kbW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4488288ba43f22dc6de1c25638c1e4e52454afa5795df8e8994a88119b7ae588.exe"C:\Users\Admin\AppData\Local\Temp\4488288ba43f22dc6de1c25638c1e4e52454afa5795df8e8994a88119b7ae588.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrxfx.exec:\rrlrxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhnh.exec:\nthhnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbttb.exec:\3tbttb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrlffx.exec:\3xrlffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhhn.exec:\5hhhhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnn.exec:\hnnnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntttt.exec:\hntttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhh.exec:\thnnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxffl.exec:\xrfxffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfff.exec:\xrrlfff.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtt.exec:\thhbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvd.exec:\ddpvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfflrx.exec:\xxfflrx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbth.exec:\thhbth.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpp.exec:\vdvpp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffllrf.exec:\rffllrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbb.exec:\nhttbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbnh.exec:\1nhbnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\htthbt.exec:\htthbt.exe24⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe25⤵
- Executes dropped EXE
-
\??\c:\1jpjv.exec:\1jpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\xfxlfrl.exec:\xfxlfrl.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbbtn.exec:\bbbbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe29⤵
- Executes dropped EXE
-
\??\c:\rxxlffr.exec:\rxxlffr.exe30⤵
- Executes dropped EXE
-
\??\c:\fxffxrx.exec:\fxffxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\nbnhbt.exec:\nbnhbt.exe32⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe33⤵
- Executes dropped EXE
-
\??\c:\3vvpd.exec:\3vvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrxrfxl.exec:\xrxrfxl.exe35⤵
- Executes dropped EXE
-
\??\c:\xllxxfr.exec:\xllxxfr.exe36⤵
- Executes dropped EXE
-
\??\c:\thnhnb.exec:\thnhnb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\9lrfrrf.exec:\9lrfrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\bnnbbt.exec:\bnnbbt.exe42⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe44⤵
- Executes dropped EXE
-
\??\c:\rffrffx.exec:\rffrffx.exe45⤵
- Executes dropped EXE
-
\??\c:\3nhbtt.exec:\3nhbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\1hbthh.exec:\1hbthh.exe47⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe48⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\9xllrlx.exec:\9xllrlx.exe50⤵
- Executes dropped EXE
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\nhthbb.exec:\nhthbb.exe52⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe53⤵
- Executes dropped EXE
-
\??\c:\9dvvd.exec:\9dvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\fllxrrf.exec:\fllxrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\xrlxllx.exec:\xrlxllx.exe56⤵
- Executes dropped EXE
-
\??\c:\ttnnhb.exec:\ttnnhb.exe57⤵
- Executes dropped EXE
-
\??\c:\httbbb.exec:\httbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\hbbnbh.exec:\hbbnbh.exe61⤵
- Executes dropped EXE
-
\??\c:\bbntth.exec:\bbntth.exe62⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe64⤵
- Executes dropped EXE
-
\??\c:\llrrllf.exec:\llrrllf.exe65⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe66⤵
-
\??\c:\pddvp.exec:\pddvp.exe67⤵
-
\??\c:\vddjv.exec:\vddjv.exe68⤵
-
\??\c:\frrlflf.exec:\frrlflf.exe69⤵
-
\??\c:\5lflxxx.exec:\5lflxxx.exe70⤵
-
\??\c:\nhtbtn.exec:\nhtbtn.exe71⤵
-
\??\c:\htthtt.exec:\htthtt.exe72⤵
-
\??\c:\pjddd.exec:\pjddd.exe73⤵
-
\??\c:\jppjp.exec:\jppjp.exe74⤵
-
\??\c:\3xxrfxl.exec:\3xxrfxl.exe75⤵
-
\??\c:\bttnbn.exec:\bttnbn.exe76⤵
-
\??\c:\3hbnhb.exec:\3hbnhb.exe77⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe78⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe79⤵
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe80⤵
-
\??\c:\9ntntn.exec:\9ntntn.exe81⤵
-
\??\c:\9bhthh.exec:\9bhthh.exe82⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe83⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe84⤵
-
\??\c:\3lffrfr.exec:\3lffrfr.exe85⤵
-
\??\c:\hhbbhb.exec:\hhbbhb.exe86⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe87⤵
-
\??\c:\djdvp.exec:\djdvp.exe88⤵
-
\??\c:\vdddv.exec:\vdddv.exe89⤵
-
\??\c:\rlxrfxr.exec:\rlxrfxr.exe90⤵
-
\??\c:\fxrxrlr.exec:\fxrxrlr.exe91⤵
-
\??\c:\hnhhbt.exec:\hnhhbt.exe92⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe93⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe94⤵
-
\??\c:\pjddp.exec:\pjddp.exe95⤵
-
\??\c:\xrrlxrl.exec:\xrrlxrl.exe96⤵
-
\??\c:\bhttbn.exec:\bhttbn.exe97⤵
-
\??\c:\5dvjv.exec:\5dvjv.exe98⤵
-
\??\c:\tnnbnh.exec:\tnnbnh.exe99⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe100⤵
-
\??\c:\rlxlrfx.exec:\rlxlrfx.exe101⤵
-
\??\c:\xflxfxl.exec:\xflxfxl.exe102⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe103⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe104⤵
-
\??\c:\frlfrrl.exec:\frlfrrl.exe105⤵
-
\??\c:\5frlflf.exec:\5frlflf.exe106⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe107⤵
-
\??\c:\3hnbnn.exec:\3hnbnn.exe108⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe109⤵
-
\??\c:\xrxrffx.exec:\xrxrffx.exe110⤵
-
\??\c:\nbhnbh.exec:\nbhnbh.exe111⤵
-
\??\c:\9tthbt.exec:\9tthbt.exe112⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe113⤵
-
\??\c:\djjdv.exec:\djjdv.exe114⤵
-
\??\c:\9xxlxxl.exec:\9xxlxxl.exe115⤵
-
\??\c:\lffrrfr.exec:\lffrrfr.exe116⤵
-
\??\c:\bhbbnh.exec:\bhbbnh.exe117⤵
-
\??\c:\tttthb.exec:\tttthb.exe118⤵
-
\??\c:\djpjj.exec:\djpjj.exe119⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe120⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-