Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/09/2024, 02:41
General
-
Target
82bf70fee4f0aa98319c90c7afcc1710N.exe
-
Size
249KB
-
MD5
82bf70fee4f0aa98319c90c7afcc1710
-
SHA1
43252046ee1c38a93d765ceb03e4824434320d62
-
SHA256
f05a90a3e75924908edf946feaad95c62c6bab996f1116798e5700f222c2365e
-
SHA512
b518d3a4bd941a8d0f4cbcb741ddf6efcbecc367a8d089251a123941559595a75298706575aa4695ca0d11799399717e47ed591053e6de089381b3a3aef5fc74
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRlg:n3C9uD6AUDCa4NYmRy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82bf70fee4f0aa98319c90c7afcc1710N.exe"C:\Users\Admin\AppData\Local\Temp\82bf70fee4f0aa98319c90c7afcc1710N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbn.exec:\hhtnbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrr.exec:\frfxrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhttb.exec:\5hhttb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrfrx.exec:\frxrfrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrlfff.exec:\5lrlfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpj.exec:\jpjpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrrxfx.exec:\9rrrxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvj.exec:\pddvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfllll.exec:\frfllll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbbn.exec:\bttbbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnbt.exec:\btbnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdp.exec:\pdpdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlxxr.exec:\7rrlxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbbtn.exec:\9bbbtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlfrx.exec:\flxlfrx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnbnh.exec:\3hnbnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpp.exec:\5vvpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfrll.exec:\lrrfrll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe23⤵
- Executes dropped EXE
-
\??\c:\9ffrxrl.exec:\9ffrxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\1bhbtn.exec:\1bhbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\lrfrlxx.exec:\lrfrlxx.exe27⤵
- Executes dropped EXE
-
\??\c:\bnhtnh.exec:\bnhtnh.exe28⤵
- Executes dropped EXE
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe29⤵
- Executes dropped EXE
-
\??\c:\9fxxlfx.exec:\9fxxlfx.exe30⤵
- Executes dropped EXE
-
\??\c:\bnnnhb.exec:\bnnnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\9dpjj.exec:\9dpjj.exe32⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbthb.exec:\hbbthb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\1rxlfxl.exec:\1rxlfxl.exe36⤵
- Executes dropped EXE
-
\??\c:\xllfxlf.exec:\xllfxlf.exe37⤵
- Executes dropped EXE
-
\??\c:\1hbhbb.exec:\1hbhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe39⤵
- Executes dropped EXE
-
\??\c:\3jvpj.exec:\3jvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxrlfr.exec:\lfxrlfr.exe41⤵
- Executes dropped EXE
-
\??\c:\lxrlxxl.exec:\lxrlxxl.exe42⤵
- Executes dropped EXE
-
\??\c:\9thbnn.exec:\9thbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe44⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe45⤵
- Executes dropped EXE
-
\??\c:\3flxllx.exec:\3flxllx.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrfrxf.exec:\lrrfrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\bnntbb.exec:\bnntbb.exe48⤵
- Executes dropped EXE
-
\??\c:\1dvjp.exec:\1dvjp.exe49⤵
- Executes dropped EXE
-
\??\c:\9lxrllf.exec:\9lxrllf.exe50⤵
- Executes dropped EXE
-
\??\c:\lffrlxr.exec:\lffrlxr.exe51⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe52⤵
- Executes dropped EXE
-
\??\c:\9nthtn.exec:\9nthtn.exe53⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe54⤵
- Executes dropped EXE
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe55⤵
- Executes dropped EXE
-
\??\c:\5xxxlfx.exec:\5xxxlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe57⤵
- Executes dropped EXE
-
\??\c:\ntthnh.exec:\ntthnh.exe58⤵
- Executes dropped EXE
-
\??\c:\1vjvp.exec:\1vjvp.exe59⤵
- Executes dropped EXE
-
\??\c:\1xlxlfx.exec:\1xlxlfx.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbtnb.exec:\tnbtnb.exe61⤵
- Executes dropped EXE
-
\??\c:\5tthnh.exec:\5tthnh.exe62⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe63⤵
- Executes dropped EXE
-
\??\c:\1rrlxrr.exec:\1rrlxrr.exe64⤵
- Executes dropped EXE
-
\??\c:\bnnnbh.exec:\bnnnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\tbtnbt.exec:\tbtnbt.exe66⤵
-
\??\c:\7ppjj.exec:\7ppjj.exe67⤵
-
\??\c:\dddpp.exec:\dddpp.exe68⤵
-
\??\c:\lxxrxrl.exec:\lxxrxrl.exe69⤵
-
\??\c:\1lfxrrl.exec:\1lfxrrl.exe70⤵
-
\??\c:\tbtnbt.exec:\tbtnbt.exe71⤵
-
\??\c:\7tthbt.exec:\7tthbt.exe72⤵
-
\??\c:\vddpd.exec:\vddpd.exe73⤵
-
\??\c:\fxfrfxr.exec:\fxfrfxr.exe74⤵
-
\??\c:\3llxllx.exec:\3llxllx.exe75⤵
-
\??\c:\1nnnbt.exec:\1nnnbt.exe76⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe77⤵
-
\??\c:\dpppj.exec:\dpppj.exe78⤵
-
\??\c:\xffrfxr.exec:\xffrfxr.exe79⤵
-
\??\c:\rflrlfx.exec:\rflrlfx.exe80⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe81⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe82⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe83⤵
-
\??\c:\rlrlfxx.exec:\rlrlfxx.exe84⤵
-
\??\c:\tbhtht.exec:\tbhtht.exe85⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe86⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe87⤵
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe88⤵
-
\??\c:\lxxxrlx.exec:\lxxxrlx.exe89⤵
-
\??\c:\7hnbnb.exec:\7hnbnb.exe90⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe91⤵
-
\??\c:\5vvjp.exec:\5vvjp.exe92⤵
-
\??\c:\xxxxlfr.exec:\xxxxlfr.exe93⤵
-
\??\c:\3fxrffr.exec:\3fxrffr.exe94⤵
-
\??\c:\bththb.exec:\bththb.exe95⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe96⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe97⤵
-
\??\c:\xffrfxr.exec:\xffrfxr.exe98⤵
-
\??\c:\5flfrll.exec:\5flfrll.exe99⤵
-
\??\c:\bbnnbh.exec:\bbnnbh.exe100⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe101⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dppdv.exec:\dppdv.exe102⤵
-
\??\c:\xfxlxrf.exec:\xfxlxrf.exe103⤵
-
\??\c:\fxrffxr.exec:\fxrffxr.exe104⤵
-
\??\c:\7bbtbb.exec:\7bbtbb.exe105⤵
-
\??\c:\ttnnbt.exec:\ttnnbt.exe106⤵
-
\??\c:\3jdpj.exec:\3jdpj.exe107⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe108⤵
-
\??\c:\lrfrfxr.exec:\lrfrfxr.exe109⤵
-
\??\c:\nbtnnt.exec:\nbtnnt.exe110⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe111⤵
-
\??\c:\pppdp.exec:\pppdp.exe112⤵
-
\??\c:\3xxlxrl.exec:\3xxlxrl.exe113⤵
-
\??\c:\3bbbtt.exec:\3bbbtt.exe114⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe115⤵
-
\??\c:\jdddp.exec:\jdddp.exe116⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe117⤵
-
\??\c:\xxxxrlf.exec:\xxxxrlf.exe118⤵
-
\??\c:\bnbhbh.exec:\bnbhbh.exe119⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe120⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-