Analysis
-
max time kernel
120s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/09/2024, 13:10
General
-
Target
c8a4bf3022561c2a5a22c0e234e99880N.exe
-
Size
90KB
-
MD5
c8a4bf3022561c2a5a22c0e234e99880
-
SHA1
f8b501cd888f7f1240e1c91801fa4087119e62be
-
SHA256
6d343eed4d5608fe758cecf601f7663edd92f366bfe5a2081bb4db8f35092554
-
SHA512
8094b7e28f892368c23a547ffcba2d20919e6f4bab81288a36e9bda5e7a125f393f62d8c666b4cb439f1b334254fb225d70b71031c90966d3cc948cdbe112b75
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmmdL2jqWkBj:ymb3NkkiQ3mdBjF+3TU2iBRioSumWS11
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c8a4bf3022561c2a5a22c0e234e99880N.exe"C:\Users\Admin\AppData\Local\Temp\c8a4bf3022561c2a5a22c0e234e99880N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbnnn.exec:\3tbnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllfll.exec:\rrllfll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrrxf.exec:\xxfrrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnh.exec:\tnnhnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llrrrr.exec:\7llrrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxrxx.exec:\xxxxrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttb.exec:\thtttb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnt.exec:\bnbtnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbtt.exec:\nhtbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbb.exec:\nnttbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvv.exec:\djpvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrflr.exec:\ffrrflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjj.exec:\vjvjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrffl.exec:\rlxrffl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbh.exec:\tnhbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjv.exec:\7djjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrll.exec:\xlxrrll.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhhnn.exec:\tnhhnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\rfrflrx.exec:\rfrflrx.exe26⤵
- Executes dropped EXE
-
\??\c:\tbhnhn.exec:\tbhnhn.exe27⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrxrlx.exec:\xrrxrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\5ttnhh.exec:\5ttnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\5nbnbh.exec:\5nbnbh.exe32⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\pddjv.exec:\pddjv.exe34⤵
- Executes dropped EXE
-
\??\c:\frxlxxr.exec:\frxlxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\nbbbhh.exec:\nbbbhh.exe36⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe37⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe38⤵
- Executes dropped EXE
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe39⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe40⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe43⤵
- Executes dropped EXE
-
\??\c:\xrrrlll.exec:\xrrrlll.exe44⤵
- Executes dropped EXE
-
\??\c:\5xllfff.exec:\5xllfff.exe45⤵
- Executes dropped EXE
-
\??\c:\1ntntt.exec:\1ntntt.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\vddjj.exec:\vddjj.exe48⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\7fflrrr.exec:\7fflrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\7bnhbt.exec:\7bnhbt.exe52⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe53⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrxlll.exec:\xrrxlll.exe55⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe57⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\3vdjj.exec:\3vdjj.exe59⤵
- Executes dropped EXE
-
\??\c:\rflfxxx.exec:\rflfxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\3rfflrx.exec:\3rfflrx.exe61⤵
- Executes dropped EXE
-
\??\c:\hnttth.exec:\hnttth.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe63⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\rxlxllf.exec:\rxlxllf.exe65⤵
- Executes dropped EXE
-
\??\c:\1lrrlxx.exec:\1lrrlxx.exe66⤵
-
\??\c:\5ntbbb.exec:\5ntbbb.exe67⤵
-
\??\c:\3nbthh.exec:\3nbthh.exe68⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe69⤵
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe70⤵
-
\??\c:\xrrxxff.exec:\xrrxxff.exe71⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe72⤵
-
\??\c:\xxfxflx.exec:\xxfxflx.exe73⤵
-
\??\c:\1hbtnh.exec:\1hbtnh.exe74⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe75⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe76⤵
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe77⤵
-
\??\c:\hbbbth.exec:\hbbbth.exe78⤵
-
\??\c:\1thbhh.exec:\1thbhh.exe79⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe80⤵
-
\??\c:\rllflrl.exec:\rllflrl.exe81⤵
-
\??\c:\5xxxrrl.exec:\5xxxrrl.exe82⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe83⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe84⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe85⤵
-
\??\c:\xfxxrrr.exec:\xfxxrrr.exe86⤵
-
\??\c:\nbbhhb.exec:\nbbhhb.exe87⤵
-
\??\c:\nhnhtn.exec:\nhnhtn.exe88⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe89⤵
-
\??\c:\rfrfffr.exec:\rfrfffr.exe90⤵
-
\??\c:\xlrllff.exec:\xlrllff.exe91⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe92⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe93⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe94⤵
-
\??\c:\frrfxxl.exec:\frrfxxl.exe95⤵
-
\??\c:\lfflfff.exec:\lfflfff.exe96⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe97⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe98⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe99⤵
-
\??\c:\5fxxrrr.exec:\5fxxrrr.exe100⤵
-
\??\c:\1nnhht.exec:\1nnhht.exe101⤵
-
\??\c:\9djjv.exec:\9djjv.exe102⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe103⤵
-
\??\c:\xlfxrlx.exec:\xlfxrlx.exe104⤵
-
\??\c:\lfrlflf.exec:\lfrlflf.exe105⤵
-
\??\c:\bbnnnb.exec:\bbnnnb.exe106⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe107⤵
-
\??\c:\pjppd.exec:\pjppd.exe108⤵
-
\??\c:\7rrlffr.exec:\7rrlffr.exe109⤵
-
\??\c:\rfxrrrl.exec:\rfxrrrl.exe110⤵
-
\??\c:\tbhbth.exec:\tbhbth.exe111⤵
-
\??\c:\httttb.exec:\httttb.exe112⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe113⤵
-
\??\c:\7dpjv.exec:\7dpjv.exe114⤵
-
\??\c:\5fxrlrl.exec:\5fxrlrl.exe115⤵
-
\??\c:\3xxxxxr.exec:\3xxxxxr.exe116⤵
-
\??\c:\httthb.exec:\httthb.exe117⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe118⤵
-
\??\c:\lfrlffx.exec:\lfrlffx.exe119⤵
-
\??\c:\hbhtnn.exec:\hbhtnn.exe120⤵
-
\??\c:\7nnhhn.exec:\7nnhhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-