Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
09-09-2024 04:13
General
-
Target
edd230ed5dc98255ce6e311b135ef01152eb77475368e2bf5ba37c5c5923fa8d.exe
-
Size
438KB
-
MD5
ba18d9456e85927e1ef6ab9810c31b82
-
SHA1
1a91a56e602a7353c4bdf926a7c326c1985ed476
-
SHA256
edd230ed5dc98255ce6e311b135ef01152eb77475368e2bf5ba37c5c5923fa8d
-
SHA512
11e1bd483f1b05af4b8963fa9402578b9e30ba80bed7ac319e36392a41ebd484f9c0c8550f8f361a199f26de49f59dba922ec113bb904ac160979d640942db92
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0p5WI09JN:n3C9ytvn8whkb4i3e3GFO6JN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\edd230ed5dc98255ce6e311b135ef01152eb77475368e2bf5ba37c5c5923fa8d.exe"C:\Users\Admin\AppData\Local\Temp\edd230ed5dc98255ce6e311b135ef01152eb77475368e2bf5ba37c5c5923fa8d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffr.exec:\flrlffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnn.exec:\bbtnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrrrx.exec:\llxrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvvp.exec:\5pvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhhh.exec:\tbhhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfllf.exec:\lflfllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttnb.exec:\hnttnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrffx.exec:\xrxrffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjv.exec:\jdjjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlfrrl.exec:\5rlfrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nttnt.exec:\5nttnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppd.exec:\pvppd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxlll.exec:\lfxxlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxllx.exec:\rlxxllx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrllx.exec:\lfxrllx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvjd.exec:\5vvjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxrrx.exec:\flfxrrx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlfrl.exec:\ffrlfrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hntnhb.exec:\hntnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\7xfxrrr.exec:\7xfxrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\1djdd.exec:\1djdd.exe26⤵
- Executes dropped EXE
-
\??\c:\nbbttn.exec:\nbbttn.exe27⤵
- Executes dropped EXE
-
\??\c:\rflrfxr.exec:\rflrfxr.exe28⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\frfxrrl.exec:\frfxrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\llrlrrr.exec:\llrlrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\htthbb.exec:\htthbb.exe32⤵
- Executes dropped EXE
-
\??\c:\1bbhtt.exec:\1bbhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\xxxxlll.exec:\xxxxlll.exe34⤵
- Executes dropped EXE
-
\??\c:\nnbnnb.exec:\nnbnnb.exe35⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\fxxrxrf.exec:\fxxrxrf.exe38⤵
- Executes dropped EXE
-
\??\c:\llrllxx.exec:\llrllxx.exe39⤵
- Executes dropped EXE
-
\??\c:\7tbbtn.exec:\7tbbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\3xlfxxr.exec:\3xlfxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\thhnnn.exec:\thhnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe44⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe45⤵
- Executes dropped EXE
-
\??\c:\9lrlffx.exec:\9lrlffx.exe46⤵
- Executes dropped EXE
-
\??\c:\bbtnhn.exec:\bbtnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe48⤵
- Executes dropped EXE
-
\??\c:\rflfxxx.exec:\rflfxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\1nhhtt.exec:\1nhhtt.exe51⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\xlrlxrl.exec:\xlrlxrl.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe54⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe55⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe56⤵
- Executes dropped EXE
-
\??\c:\xfxlfxr.exec:\xfxlfxr.exe57⤵
- Executes dropped EXE
-
\??\c:\7dpvv.exec:\7dpvv.exe58⤵
- Executes dropped EXE
-
\??\c:\7vvpd.exec:\7vvpd.exe59⤵
- Executes dropped EXE
-
\??\c:\xxxrxxf.exec:\xxxrxxf.exe60⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe62⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe63⤵
- Executes dropped EXE
-
\??\c:\5rfxrlf.exec:\5rfxrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\1ffxrxr.exec:\1ffxrxr.exe65⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe66⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe67⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe68⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe69⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe70⤵
-
\??\c:\9nnnhh.exec:\9nnnhh.exe71⤵
-
\??\c:\lxlfxrl.exec:\lxlfxrl.exe72⤵
-
\??\c:\ffxxrrx.exec:\ffxxrrx.exe73⤵
-
\??\c:\nththt.exec:\nththt.exe74⤵
-
\??\c:\pjddp.exec:\pjddp.exe75⤵
-
\??\c:\djpvp.exec:\djpvp.exe76⤵
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe77⤵
-
\??\c:\7hthbh.exec:\7hthbh.exe78⤵
-
\??\c:\3nbthh.exec:\3nbthh.exe79⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe80⤵
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe81⤵
-
\??\c:\xffrxlf.exec:\xffrxlf.exe82⤵
-
\??\c:\3hbtnh.exec:\3hbtnh.exe83⤵
-
\??\c:\3hbtnh.exec:\3hbtnh.exe84⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe85⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe86⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe87⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe88⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe89⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe90⤵
-
\??\c:\3lfrflf.exec:\3lfrflf.exe91⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe92⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe93⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe94⤵
-
\??\c:\rfrllfl.exec:\rfrllfl.exe95⤵
-
\??\c:\lfxxlxl.exec:\lfxxlxl.exe96⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe97⤵
-
\??\c:\5nnbtb.exec:\5nnbtb.exe98⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe99⤵
-
\??\c:\xxfrlfl.exec:\xxfrlfl.exe100⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe101⤵
-
\??\c:\9rxxrxr.exec:\9rxxrxr.exe102⤵
-
\??\c:\nnbtbh.exec:\nnbtbh.exe103⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe104⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe105⤵
-
\??\c:\xfllllf.exec:\xfllllf.exe106⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe107⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe108⤵
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe109⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe110⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe111⤵
-
\??\c:\7rrlxlf.exec:\7rrlxlf.exe112⤵
-
\??\c:\bttttt.exec:\bttttt.exe113⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe114⤵
-
\??\c:\llrlxlf.exec:\llrlxlf.exe115⤵
-
\??\c:\rfrfxrl.exec:\rfrfxrl.exe116⤵
-
\??\c:\5nhbbb.exec:\5nhbbb.exe117⤵
-
\??\c:\5pdvv.exec:\5pdvv.exe118⤵
-
\??\c:\jjddp.exec:\jjddp.exe119⤵
-
\??\c:\3lxrxxl.exec:\3lxrxxl.exe120⤵
-
\??\c:\hntnhn.exec:\hntnhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-