Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 21:55
General
-
Target
63b7ce89c421ec6a1fcd8be60ddc34fc33d92d73f9cb9145010f18faf070091a.exe
-
Size
78KB
-
MD5
8bee09cfc2c228897bd40f42b83b661d
-
SHA1
23167dd6efe8fc926b9609da1eef3aa90b942307
-
SHA256
63b7ce89c421ec6a1fcd8be60ddc34fc33d92d73f9cb9145010f18faf070091a
-
SHA512
36274662c2b50216f47957f242b61d845e55cf91d0a77f4487266c37f4834beeee7a28d3d946d87d8c69703126c7ebca8010e801e93aa979557d0bbadcea627c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAwHSYq0:ymb3NkkiQ3mdBjFIpkPcy8qsHSH0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\63b7ce89c421ec6a1fcd8be60ddc34fc33d92d73f9cb9145010f18faf070091a.exe"C:\Users\Admin\AppData\Local\Temp\63b7ce89c421ec6a1fcd8be60ddc34fc33d92d73f9cb9145010f18faf070091a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrlll.exec:\rfxrlll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlff.exec:\rlrrlff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnb.exec:\httnnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddv.exec:\dpddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxxxx.exec:\xffxxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnh.exec:\bbtnnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdj.exec:\vdpdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnn.exec:\btbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdp.exec:\pdjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llfxfx.exec:\5llfxfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtb.exec:\btnhtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbbb.exec:\bnhbbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddv.exec:\pdddv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djdv.exec:\9djdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxr.exec:\lffxxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bttnn.exec:\7bttnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxrrf.exec:\frrxrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\rxlrrxl.exec:\rxlrrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\5nnhhh.exec:\5nnhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\tnthth.exec:\tnthth.exe28⤵
- Executes dropped EXE
-
\??\c:\9hnhbb.exec:\9hnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\7lxrxxx.exec:\7lxrxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbtnn.exec:\hhbtnn.exe31⤵
- Executes dropped EXE
-
\??\c:\nnnttt.exec:\nnnttt.exe32⤵
- Executes dropped EXE
-
\??\c:\7ppvj.exec:\7ppvj.exe33⤵
- Executes dropped EXE
-
\??\c:\xflfxxr.exec:\xflfxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\5nbhtb.exec:\5nbhtb.exe36⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe37⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe38⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\frrrlll.exec:\frrrlll.exe41⤵
- Executes dropped EXE
-
\??\c:\hhnnnh.exec:\hhnnnh.exe42⤵
- Executes dropped EXE
-
\??\c:\hhntbn.exec:\hhntbn.exe43⤵
- Executes dropped EXE
-
\??\c:\1ppjv.exec:\1ppjv.exe44⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe45⤵
- Executes dropped EXE
-
\??\c:\rxflxfx.exec:\rxflxfx.exe46⤵
- Executes dropped EXE
-
\??\c:\flllffx.exec:\flllffx.exe47⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\9nnhbb.exec:\9nnhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe50⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe51⤵
- Executes dropped EXE
-
\??\c:\frxrllr.exec:\frxrllr.exe52⤵
- Executes dropped EXE
-
\??\c:\lxflffl.exec:\lxflffl.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\httnnh.exec:\httnnh.exe54⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe56⤵
- Executes dropped EXE
-
\??\c:\xrxrxrx.exec:\xrxrxrx.exe57⤵
- Executes dropped EXE
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\tbbtth.exec:\tbbtth.exe59⤵
- Executes dropped EXE
-
\??\c:\hhtnnn.exec:\hhtnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe61⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\lflfxxx.exec:\lflfxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\xlfxrll.exec:\xlfxrll.exe64⤵
- Executes dropped EXE
-
\??\c:\5bhbhh.exec:\5bhbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\hhthnh.exec:\hhthnh.exe66⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe67⤵
-
\??\c:\7jvpv.exec:\7jvpv.exe68⤵
-
\??\c:\xxrrlrx.exec:\xxrrlrx.exe69⤵
-
\??\c:\rrxxxxr.exec:\rrxxxxr.exe70⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe71⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe72⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe73⤵
-
\??\c:\9fxrllf.exec:\9fxrllf.exe74⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe75⤵
-
\??\c:\bthtnn.exec:\bthtnn.exe76⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe77⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe78⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe79⤵
-
\??\c:\bbtnth.exec:\bbtnth.exe80⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe81⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe82⤵
-
\??\c:\1nntnn.exec:\1nntnn.exe83⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe84⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe85⤵
-
\??\c:\3lrlllf.exec:\3lrlllf.exe86⤵
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe87⤵
-
\??\c:\nhnhht.exec:\nhnhht.exe88⤵
-
\??\c:\dvppv.exec:\dvppv.exe89⤵
-
\??\c:\1pdvd.exec:\1pdvd.exe90⤵
-
\??\c:\lrflrfl.exec:\lrflrfl.exe91⤵
-
\??\c:\9nbtbb.exec:\9nbtbb.exe92⤵
-
\??\c:\hhnhtt.exec:\hhnhtt.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvddv.exec:\vvddv.exe94⤵
-
\??\c:\fllrllf.exec:\fllrllf.exe95⤵
-
\??\c:\lxxfffx.exec:\lxxfffx.exe96⤵
-
\??\c:\bhbhhh.exec:\bhbhhh.exe97⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe98⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe99⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe100⤵
-
\??\c:\lllllll.exec:\lllllll.exe101⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe102⤵
-
\??\c:\hhtntn.exec:\hhtntn.exe103⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe104⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe105⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe106⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe107⤵
-
\??\c:\xfxxrrr.exec:\xfxxrrr.exe108⤵
-
\??\c:\3tthbh.exec:\3tthbh.exe109⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe110⤵
-
\??\c:\vppjp.exec:\vppjp.exe111⤵
-
\??\c:\pddpp.exec:\pddpp.exe112⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe113⤵
-
\??\c:\rfllrrx.exec:\rfllrrx.exe114⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe115⤵
-
\??\c:\7hnntt.exec:\7hnntt.exe116⤵
-
\??\c:\9pvjd.exec:\9pvjd.exe117⤵
-
\??\c:\jvddv.exec:\jvddv.exe118⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe119⤵
-
\??\c:\5flfxxr.exec:\5flfxxr.exe120⤵
-
\??\c:\nnbbbb.exec:\nnbbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-