Analysis
-
max time kernel
120s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19-09-2024 03:27
General
-
Target
69cb80d5a3db78996cbef0e7f86182a92e689f3d8d964b244ed0a596fe385cb2N.exe
-
Size
593KB
-
MD5
4081cbe3e7376ce450e2802b823fd6b0
-
SHA1
7e677856ae40d735168aa79bbfdc4edbb47873a9
-
SHA256
69cb80d5a3db78996cbef0e7f86182a92e689f3d8d964b244ed0a596fe385cb2
-
SHA512
4024219d4520e9868527d7cba962a53ee011e2ef753119649b4e52a6c04766e6f055bf627ba9f2560178af3aecc016e1efa8b52ffec4152f07163b7e189491d2
-
SSDEEP
6144:n3C9BRIj+ebjcSbcY+CaQdaFOY4iGFYtRdzzoyYxJAyfgayL6:n3C9Lebz+xt4vFeFmgay+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\69cb80d5a3db78996cbef0e7f86182a92e689f3d8d964b244ed0a596fe385cb2N.exe"C:\Users\Admin\AppData\Local\Temp\69cb80d5a3db78996cbef0e7f86182a92e689f3d8d964b244ed0a596fe385cb2N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvp.exec:\pvvvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxxr.exec:\xflfxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbbb.exec:\nbnbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvj.exec:\pppvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flfxxr.exec:\5flfxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbhh.exec:\tnnbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxrrl.exec:\flxxrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnh.exec:\nnnnnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrlll.exec:\flxrlll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxfxr.exec:\rxxxfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhtnn.exec:\tbhtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvvj.exec:\7vvvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxxrlx.exec:\5fxxrlx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbth.exec:\ntbbth.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thbnn.exec:\1thbnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntnbb.exec:\9ntnbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrrxr.exec:\rrlrrxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\fffxrll.exec:\fffxrll.exe24⤵
- Executes dropped EXE
-
\??\c:\5jpjv.exec:\5jpjv.exe25⤵
- Executes dropped EXE
-
\??\c:\frxrffl.exec:\frxrffl.exe26⤵
- Executes dropped EXE
-
\??\c:\lrxrllf.exec:\lrxrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\tbhttn.exec:\tbhttn.exe28⤵
- Executes dropped EXE
-
\??\c:\flrlxxr.exec:\flrlxxr.exe29⤵
- Executes dropped EXE
-
\??\c:\hnbhth.exec:\hnbhth.exe30⤵
- Executes dropped EXE
-
\??\c:\rxlfllr.exec:\rxlfllr.exe31⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\5pvpj.exec:\5pvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\7xfxfff.exec:\7xfxfff.exe34⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\5frlfxr.exec:\5frlfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\hhbbnn.exec:\hhbbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\bhnhnh.exec:\bhnhnh.exe38⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe39⤵
- Executes dropped EXE
-
\??\c:\rffxffx.exec:\rffxffx.exe40⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\tntthh.exec:\tntthh.exe42⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe43⤵
- Executes dropped EXE
-
\??\c:\rffxrrx.exec:\rffxrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\bbnhbh.exec:\bbnhbh.exe45⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe46⤵
- Executes dropped EXE
-
\??\c:\xrllxxr.exec:\xrllxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\7hhnbh.exec:\7hhnbh.exe48⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe49⤵
- Executes dropped EXE
-
\??\c:\xllfrlx.exec:\xllfrlx.exe50⤵
- Executes dropped EXE
-
\??\c:\hhnbhn.exec:\hhnbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\1pppd.exec:\1pppd.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\5xlfrrr.exec:\5xlfrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\5hbbbb.exec:\5hbbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe56⤵
- Executes dropped EXE
-
\??\c:\xllfxxx.exec:\xllfxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\5btnhn.exec:\5btnhn.exe58⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxxrlf.exec:\rfxxrlf.exe60⤵
- Executes dropped EXE
-
\??\c:\1ntnnn.exec:\1ntnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\tbtbbb.exec:\tbtbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe63⤵
- Executes dropped EXE
-
\??\c:\1rfxffx.exec:\1rfxffx.exe64⤵
- Executes dropped EXE
-
\??\c:\hnhbtt.exec:\hnhbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe66⤵
-
\??\c:\fxxxxrr.exec:\fxxxxrr.exe67⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe68⤵
-
\??\c:\ntbbth.exec:\ntbbth.exe69⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe70⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe71⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe72⤵
-
\??\c:\7dpjd.exec:\7dpjd.exe73⤵
-
\??\c:\lxxxrrx.exec:\lxxxrrx.exe74⤵
-
\??\c:\3bthbt.exec:\3bthbt.exe75⤵
-
\??\c:\dddvj.exec:\dddvj.exe76⤵
-
\??\c:\xffxrll.exec:\xffxrll.exe77⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe78⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe79⤵
-
\??\c:\1lfxrfx.exec:\1lfxrfx.exe80⤵
-
\??\c:\nbnhbt.exec:\nbnhbt.exe81⤵
-
\??\c:\pddvp.exec:\pddvp.exe82⤵
-
\??\c:\fxrfxrf.exec:\fxrfxrf.exe83⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe84⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe85⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe86⤵
-
\??\c:\xrrlffl.exec:\xrrlffl.exe87⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe88⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe89⤵
-
\??\c:\5vvjd.exec:\5vvjd.exe90⤵
-
\??\c:\rlffffl.exec:\rlffffl.exe91⤵
-
\??\c:\hnhhbh.exec:\hnhhbh.exe92⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe93⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe94⤵
-
\??\c:\lllfxrl.exec:\lllfxrl.exe95⤵
-
\??\c:\tbbnht.exec:\tbbnht.exe96⤵
-
\??\c:\pddvp.exec:\pddvp.exe97⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe98⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe99⤵
-
\??\c:\hhhhbt.exec:\hhhhbt.exe100⤵
-
\??\c:\5llfxlf.exec:\5llfxlf.exe101⤵
-
\??\c:\ntbtbt.exec:\ntbtbt.exe102⤵
-
\??\c:\nbthnn.exec:\nbthnn.exe103⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe104⤵
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe105⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe106⤵
-
\??\c:\dpddd.exec:\dpddd.exe107⤵
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe108⤵
-
\??\c:\hthtnh.exec:\hthtnh.exe109⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe110⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe111⤵
-
\??\c:\1flfrrl.exec:\1flfrrl.exe112⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe113⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe114⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe115⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe116⤵
-
\??\c:\9jpdv.exec:\9jpdv.exe117⤵
-
\??\c:\flxlxxr.exec:\flxlxxr.exe118⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe119⤵
-
\??\c:\nhbttn.exec:\nhbttn.exe120⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-