Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/09/2024, 05:31
General
-
Target
91c5c53e7ba95541e09eacf9a5905100N.exe
-
Size
249KB
-
MD5
91c5c53e7ba95541e09eacf9a5905100
-
SHA1
18ca6da556a4c199a4aa79b459063bf0b04772d0
-
SHA256
00b804b9e35ac2aec95e9c0674bf609718656660dfc4cca1b9d7981a2922a230
-
SHA512
6483010af4027f26325dfb65c08f385ec43c5d1cd06910e1b06ae45c302b9e03d567522302e122d8703f614cd89594c61bea7e5e5e1d4028e206fbd0b564a3eb
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRliU:n3C9uD6AUDCa4NYmRMU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\91c5c53e7ba95541e09eacf9a5905100N.exe"C:\Users\Admin\AppData\Local\Temp\91c5c53e7ba95541e09eacf9a5905100N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhbhn.exec:\7bhbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrlll.exec:\rfrrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtttt.exec:\tbtttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnhh.exec:\bbnnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlll.exec:\xrrrlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhbn.exec:\nhbhbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdd.exec:\pvjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhthnn.exec:\bhthnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbht.exec:\hbhbht.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rllfll.exec:\7rllfll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddv.exec:\ppddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfxxx.exec:\flxfxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe23⤵
- Executes dropped EXE
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe26⤵
- Executes dropped EXE
-
\??\c:\frxlffx.exec:\frxlffx.exe27⤵
- Executes dropped EXE
-
\??\c:\9tttnt.exec:\9tttnt.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe29⤵
- Executes dropped EXE
-
\??\c:\llrxxfl.exec:\llrxxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\nthttn.exec:\nthttn.exe31⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\9bttnt.exec:\9bttnt.exe33⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe34⤵
- Executes dropped EXE
-
\??\c:\xflflrr.exec:\xflflrr.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\9nhhbh.exec:\9nhhbh.exe37⤵
- Executes dropped EXE
-
\??\c:\5jpjd.exec:\5jpjd.exe38⤵
- Executes dropped EXE
-
\??\c:\lflxfxr.exec:\lflxfxr.exe39⤵
- Executes dropped EXE
-
\??\c:\nnnbth.exec:\nnnbth.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\vjdjd.exec:\vjdjd.exe42⤵
- Executes dropped EXE
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\1bhbnh.exec:\1bhbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\1jjdj.exec:\1jjdj.exe46⤵
- Executes dropped EXE
-
\??\c:\3jpjv.exec:\3jpjv.exe47⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe48⤵
- Executes dropped EXE
-
\??\c:\7ttnhb.exec:\7ttnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\5hhbtt.exec:\5hhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe51⤵
- Executes dropped EXE
-
\??\c:\5fllfrx.exec:\5fllfrx.exe52⤵
- Executes dropped EXE
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\3nnnnn.exec:\3nnnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\djvjd.exec:\djvjd.exe55⤵
- Executes dropped EXE
-
\??\c:\rxrrfxr.exec:\rxrrfxr.exe56⤵
- Executes dropped EXE
-
\??\c:\xllfffl.exec:\xllfffl.exe57⤵
- Executes dropped EXE
-
\??\c:\xflffxx.exec:\xflffxx.exe58⤵
- Executes dropped EXE
-
\??\c:\llffxxx.exec:\llffxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\nnbtbb.exec:\nnbtbb.exe60⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrrllr.exec:\lfrrllr.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfffff.exec:\fxfffff.exe64⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\pvjvp.exec:\pvjvp.exe66⤵
-
\??\c:\lrlxrlx.exec:\lrlxrlx.exe67⤵
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe68⤵
-
\??\c:\ttbhnh.exec:\ttbhnh.exe69⤵
-
\??\c:\tnhhhb.exec:\tnhhhb.exe70⤵
-
\??\c:\3vdvv.exec:\3vdvv.exe71⤵
-
\??\c:\xrlfxrf.exec:\xrlfxrf.exe72⤵
-
\??\c:\nbbhbn.exec:\nbbhbn.exe73⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe74⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe75⤵
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe76⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe77⤵
-
\??\c:\ththhb.exec:\ththhb.exe78⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe79⤵
-
\??\c:\djjpp.exec:\djjpp.exe80⤵
-
\??\c:\rfxfrlf.exec:\rfxfrlf.exe81⤵
-
\??\c:\9nhhbh.exec:\9nhhbh.exe82⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe83⤵
-
\??\c:\3djdp.exec:\3djdp.exe84⤵
-
\??\c:\ffllfll.exec:\ffllfll.exe85⤵
-
\??\c:\xrflfff.exec:\xrflfff.exe86⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe87⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe88⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe89⤵
-
\??\c:\xrllfrr.exec:\xrllfrr.exe90⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe91⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe92⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe93⤵
-
\??\c:\5ffxfxr.exec:\5ffxfxr.exe94⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe95⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe96⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe97⤵
-
\??\c:\7jpjp.exec:\7jpjp.exe98⤵
-
\??\c:\1flfxrf.exec:\1flfxrf.exe99⤵
-
\??\c:\nnnbnh.exec:\nnnbnh.exe100⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe101⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe102⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe103⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe104⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe105⤵
-
\??\c:\bhhthb.exec:\bhhthb.exe106⤵
-
\??\c:\3nnbhh.exec:\3nnbhh.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dpjvj.exec:\dpjvj.exe108⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe109⤵
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe110⤵
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe111⤵
-
\??\c:\5bbnnn.exec:\5bbnnn.exe112⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe113⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe114⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe115⤵
-
\??\c:\hthtnh.exec:\hthtnh.exe116⤵
-
\??\c:\bhnhnn.exec:\bhnhnn.exe117⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe118⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe119⤵
-
\??\c:\lrlfxfr.exec:\lrlfxfr.exe120⤵
-
\??\c:\5rfxllf.exec:\5rfxllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-