Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08/09/2024, 18:55
General
-
Target
1227009ad34adcf3881c869a05f1859a3ff95e9368897260200864a172d9e5f6.exe
-
Size
82KB
-
MD5
ede0967ff87cc55acdde654977abf7c0
-
SHA1
c5bf62be175da58c387c4ede379e389ca782c85c
-
SHA256
1227009ad34adcf3881c869a05f1859a3ff95e9368897260200864a172d9e5f6
-
SHA512
473566f480745b9d3b32605b290dafb128377793efd45153f67dee6d8690619ee6953ecf97a09f950cd09d267dace0c6cf59edcc7dac7a7338c2fc41544cc77f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Qc:ymb3NkkiQ3mdBjFIIp9L9QrrA8d
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1227009ad34adcf3881c869a05f1859a3ff95e9368897260200864a172d9e5f6.exe"C:\Users\Admin\AppData\Local\Temp\1227009ad34adcf3881c869a05f1859a3ff95e9368897260200864a172d9e5f6.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvj.exec:\vdpvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrxlf.exec:\rxxrxlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbhh.exec:\hhbbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnhh.exec:\1bnnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpd.exec:\9vvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxrll.exec:\rflxrll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhtn.exec:\bhbhtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbtt.exec:\hhnbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxrff.exec:\flfxrff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbb.exec:\nnnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvv.exec:\dvvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxxxr.exec:\frxxxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxr.exec:\rflfxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnhb.exec:\nntnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrrl.exec:\llfxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpv.exec:\vjdpv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvj.exec:\vdjvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxlxrf.exec:\1fxlxrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbtnh.exec:\9bbtnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttn.exec:\ntbttn.exe23⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\rxlfrlx.exec:\rxlfrlx.exe25⤵
- Executes dropped EXE
-
\??\c:\ttbthb.exec:\ttbthb.exe26⤵
- Executes dropped EXE
-
\??\c:\nhttnh.exec:\nhttnh.exe27⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\xflfxrl.exec:\xflfxrl.exe29⤵
- Executes dropped EXE
-
\??\c:\9ffxlfr.exec:\9ffxlfr.exe30⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe31⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe32⤵
- Executes dropped EXE
-
\??\c:\vjpdv.exec:\vjpdv.exe33⤵
- Executes dropped EXE
-
\??\c:\7rrlxxr.exec:\7rrlxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\nhntbt.exec:\nhntbt.exe35⤵
- Executes dropped EXE
-
\??\c:\hnhbbn.exec:\hnhbbn.exe36⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe37⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe38⤵
- Executes dropped EXE
-
\??\c:\rllfxff.exec:\rllfxff.exe39⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\htnbhb.exec:\htnbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\7dvjv.exec:\7dvjv.exe43⤵
- Executes dropped EXE
-
\??\c:\xlrllff.exec:\xlrllff.exe44⤵
- Executes dropped EXE
-
\??\c:\lxfxllf.exec:\lxfxllf.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe46⤵
- Executes dropped EXE
-
\??\c:\9hhthh.exec:\9hhthh.exe47⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dvjdd.exec:\dvjdd.exe49⤵
- Executes dropped EXE
-
\??\c:\xffxlfx.exec:\xffxlfx.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe51⤵
- Executes dropped EXE
-
\??\c:\7nhthb.exec:\7nhthb.exe52⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe53⤵
- Executes dropped EXE
-
\??\c:\lfllfxx.exec:\lfllfxx.exe54⤵
- Executes dropped EXE
-
\??\c:\nbnhbt.exec:\nbnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe58⤵
- Executes dropped EXE
-
\??\c:\3xrlxxl.exec:\3xrlxxl.exe59⤵
- Executes dropped EXE
-
\??\c:\fxlfxrl.exec:\fxlfxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\ttnhbn.exec:\ttnhbn.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\djjjp.exec:\djjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\3xxlffx.exec:\3xxlffx.exe64⤵
- Executes dropped EXE
-
\??\c:\3flxrlf.exec:\3flxrlf.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe66⤵
-
\??\c:\tththt.exec:\tththt.exe67⤵
-
\??\c:\vppjv.exec:\vppjv.exe68⤵
-
\??\c:\xrrflxx.exec:\xrrflxx.exe69⤵
-
\??\c:\rllxrrl.exec:\rllxrrl.exe70⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe71⤵
-
\??\c:\7tnhnh.exec:\7tnhnh.exe72⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe73⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe74⤵
-
\??\c:\ffxlxrl.exec:\ffxlxrl.exe75⤵
-
\??\c:\1xllrxf.exec:\1xllrxf.exe76⤵
-
\??\c:\bhbtnh.exec:\bhbtnh.exe77⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe78⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe79⤵
-
\??\c:\xffrrlx.exec:\xffrrlx.exe80⤵
-
\??\c:\1bbhnt.exec:\1bbhnt.exe81⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe82⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe83⤵
-
\??\c:\xlxlxlf.exec:\xlxlxlf.exe84⤵
-
\??\c:\bnnhnh.exec:\bnnhnh.exe85⤵
-
\??\c:\1nnbnh.exec:\1nnbnh.exe86⤵
-
\??\c:\7pdpd.exec:\7pdpd.exe87⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe88⤵
-
\??\c:\fxlxrlf.exec:\fxlxrlf.exe89⤵
-
\??\c:\5bttht.exec:\5bttht.exe90⤵
-
\??\c:\3bhtth.exec:\3bhtth.exe91⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe92⤵
-
\??\c:\3flxfxr.exec:\3flxfxr.exe93⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe94⤵
-
\??\c:\djdvp.exec:\djdvp.exe95⤵
-
\??\c:\rxxflxf.exec:\rxxflxf.exe96⤵
-
\??\c:\3ntnnh.exec:\3ntnnh.exe97⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe98⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe99⤵
-
\??\c:\rllfllx.exec:\rllfllx.exe100⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe101⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe102⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe103⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe104⤵
-
\??\c:\lfrlxrl.exec:\lfrlxrl.exe105⤵
-
\??\c:\1nbthb.exec:\1nbthb.exe106⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe107⤵
-
\??\c:\xrrllxf.exec:\xrrllxf.exe108⤵
-
\??\c:\5bnhbt.exec:\5bnhbt.exe109⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe110⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe111⤵
-
\??\c:\rrflfff.exec:\rrflfff.exe112⤵
-
\??\c:\ffxlflx.exec:\ffxlflx.exe113⤵
-
\??\c:\7tbnhn.exec:\7tbnhn.exe114⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe115⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe116⤵
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe117⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe118⤵
-
\??\c:\vppjj.exec:\vppjj.exe119⤵
-
\??\c:\djdvj.exec:\djdvj.exe120⤵
-
\??\c:\rffxxrr.exec:\rffxxrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-