Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
13/09/2024, 02:41
General
-
Target
82bf70fee4f0aa98319c90c7afcc1710N.exe
-
Size
249KB
-
MD5
82bf70fee4f0aa98319c90c7afcc1710
-
SHA1
43252046ee1c38a93d765ceb03e4824434320d62
-
SHA256
f05a90a3e75924908edf946feaad95c62c6bab996f1116798e5700f222c2365e
-
SHA512
b518d3a4bd941a8d0f4cbcb741ddf6efcbecc367a8d089251a123941559595a75298706575aa4695ca0d11799399717e47ed591053e6de089381b3a3aef5fc74
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRlg:n3C9uD6AUDCa4NYmRy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82bf70fee4f0aa98319c90c7afcc1710N.exe"C:\Users\Admin\AppData\Local\Temp\82bf70fee4f0aa98319c90c7afcc1710N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxflrt.exec:\xrxflrt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhnt.exec:\bnbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpv.exec:\vjdpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfffff.exec:\xrfffff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdj.exec:\dvjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflll.exec:\rlxflll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhthh.exec:\hbhthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxflfl.exec:\lfxflfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttb.exec:\bntttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvj.exec:\vjvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrlll.exec:\frxrlll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttt.exec:\hbtttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvd.exec:\djdvd.exe17⤵
- Executes dropped EXE
-
\??\c:\9dpvj.exec:\9dpvj.exe18⤵
- Executes dropped EXE
-
\??\c:\7xrrxxf.exec:\7xrrxxf.exe19⤵
- Executes dropped EXE
-
\??\c:\5btbhh.exec:\5btbhh.exe20⤵
- Executes dropped EXE
-
\??\c:\7vddd.exec:\7vddd.exe21⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe22⤵
- Executes dropped EXE
-
\??\c:\rrlxfxx.exec:\rrlxfxx.exe23⤵
- Executes dropped EXE
-
\??\c:\bbbhhb.exec:\bbbhhb.exe24⤵
- Executes dropped EXE
-
\??\c:\9djjj.exec:\9djjj.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrrllr.exec:\xxrrllr.exe26⤵
- Executes dropped EXE
-
\??\c:\9lfrrff.exec:\9lfrrff.exe27⤵
- Executes dropped EXE
-
\??\c:\5ppdd.exec:\5ppdd.exe28⤵
- Executes dropped EXE
-
\??\c:\lflxxlx.exec:\lflxxlx.exe29⤵
- Executes dropped EXE
-
\??\c:\xfrfflr.exec:\xfrfflr.exe30⤵
- Executes dropped EXE
-
\??\c:\hbthnb.exec:\hbthnb.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe32⤵
- Executes dropped EXE
-
\??\c:\3xfxxrl.exec:\3xfxxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\xlxxfxl.exec:\xlxxfxl.exe34⤵
- Executes dropped EXE
-
\??\c:\3bnntt.exec:\3bnntt.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe36⤵
- Executes dropped EXE
-
\??\c:\pvdjv.exec:\pvdjv.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe38⤵
- Executes dropped EXE
-
\??\c:\rrrlrxl.exec:\rrrlrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\bttbhb.exec:\bttbhb.exe40⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe41⤵
- Executes dropped EXE
-
\??\c:\3pjpv.exec:\3pjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\5vddd.exec:\5vddd.exe43⤵
- Executes dropped EXE
-
\??\c:\9rrrfll.exec:\9rrrfll.exe44⤵
- Executes dropped EXE
-
\??\c:\5xllrxl.exec:\5xllrxl.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\jvvjj.exec:\jvvjj.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\rrflfxf.exec:\rrflfxf.exe49⤵
- Executes dropped EXE
-
\??\c:\fllfflx.exec:\fllfflx.exe50⤵
- Executes dropped EXE
-
\??\c:\bhbntn.exec:\bhbntn.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jdvjj.exec:\jdvjj.exe52⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe53⤵
- Executes dropped EXE
-
\??\c:\fxllxxl.exec:\fxllxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\xllrllr.exec:\xllrllr.exe55⤵
- Executes dropped EXE
-
\??\c:\btnthb.exec:\btnthb.exe56⤵
- Executes dropped EXE
-
\??\c:\htbhhh.exec:\htbhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe58⤵
- Executes dropped EXE
-
\??\c:\lrrxlxr.exec:\lrrxlxr.exe59⤵
- Executes dropped EXE
-
\??\c:\btthhn.exec:\btthhn.exe60⤵
- Executes dropped EXE
-
\??\c:\5ttnnn.exec:\5ttnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\lxlrflx.exec:\lxlrflx.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrflrx.exec:\lfrflrx.exe64⤵
- Executes dropped EXE
-
\??\c:\5xrxffl.exec:\5xrxffl.exe65⤵
- Executes dropped EXE
-
\??\c:\3bhhtt.exec:\3bhhtt.exe66⤵
-
\??\c:\5pddv.exec:\5pddv.exe67⤵
-
\??\c:\5pjpp.exec:\5pjpp.exe68⤵
-
\??\c:\fxlfrxf.exec:\fxlfrxf.exe69⤵
-
\??\c:\lffllll.exec:\lffllll.exe70⤵
-
\??\c:\nhthhn.exec:\nhthhn.exe71⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe72⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe73⤵
-
\??\c:\rrfrfrl.exec:\rrfrfrl.exe74⤵
-
\??\c:\ffrrflf.exec:\ffrrflf.exe75⤵
-
\??\c:\nhbntn.exec:\nhbntn.exe76⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe77⤵
-
\??\c:\9vdvd.exec:\9vdvd.exe78⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe79⤵
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe80⤵
-
\??\c:\xrxxlfr.exec:\xrxxlfr.exe81⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe82⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe83⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe84⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe85⤵
-
\??\c:\bbnttt.exec:\bbnttt.exe86⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe87⤵
-
\??\c:\5pvvd.exec:\5pvvd.exe88⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe89⤵
-
\??\c:\xlxlllx.exec:\xlxlllx.exe90⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe91⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe92⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe93⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe94⤵
-
\??\c:\xlxfffl.exec:\xlxfffl.exe95⤵
-
\??\c:\9bnntn.exec:\9bnntn.exe96⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe97⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe98⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe99⤵
-
\??\c:\lxrfffr.exec:\lxrfffr.exe100⤵
-
\??\c:\rfrfrxr.exec:\rfrfrxr.exe101⤵
-
\??\c:\7nbbtn.exec:\7nbbtn.exe102⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe103⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe104⤵
-
\??\c:\9frrxxf.exec:\9frrxxf.exe105⤵
-
\??\c:\btbnth.exec:\btbnth.exe106⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe107⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe108⤵
-
\??\c:\xrfxxrf.exec:\xrfxxrf.exe109⤵
-
\??\c:\llllxxr.exec:\llllxxr.exe110⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe111⤵
-
\??\c:\9vddp.exec:\9vddp.exe112⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe113⤵
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe114⤵
-
\??\c:\lrrfxlx.exec:\lrrfxlx.exe115⤵
-
\??\c:\hbthth.exec:\hbthth.exe116⤵
-
\??\c:\9pjvj.exec:\9pjvj.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvvpd.exec:\vvvpd.exe118⤵
-
\??\c:\lfxxfrl.exec:\lfxxfrl.exe119⤵
-
\??\c:\htntnh.exec:\htntnh.exe120⤵
-
\??\c:\vdppp.exec:\vdppp.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-