Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 03:51
General
-
Target
9470bea50c62ee7f6a001a5b43c162dae9c1af6594cf12b8a541dc156b44d62eN.exe
-
Size
67KB
-
MD5
3d7f150d61e1b668d68ef7f24d2dbb70
-
SHA1
41a1a1bec653332adf3d3f209ca2db80075e8198
-
SHA256
9470bea50c62ee7f6a001a5b43c162dae9c1af6594cf12b8a541dc156b44d62e
-
SHA512
55ebdcb87d2d6be2bfd5e608062f303fe0699a251864d696dc01f5186e08aa19d2cc4c8ff78d049f6e5db2862471bf9bed3401916636468ffc15f9dc515b33b4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bqfo4o:ymb3NkkiQ3mdBjFI9cqfVo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9470bea50c62ee7f6a001a5b43c162dae9c1af6594cf12b8a541dc156b44d62eN.exe"C:\Users\Admin\AppData\Local\Temp\9470bea50c62ee7f6a001a5b43c162dae9c1af6594cf12b8a541dc156b44d62eN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrfxl.exec:\xffrfxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrrlf.exec:\lrrrrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnntb.exec:\bnnntb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvp.exec:\7jdvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffrrll.exec:\5ffrrll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxrfx.exec:\fllxrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfxllx.exec:\9lfxllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbth.exec:\tthbth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflflx.exec:\rfflflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbn.exec:\thtbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbth.exec:\hbbbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtb.exec:\bbhbtb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdj.exec:\pdjdj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdp.exec:\dvpdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxlfx.exec:\lxrxlfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hthbt.exec:\9hthbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjj.exec:\5jpjj.exe23⤵
- Executes dropped EXE
-
\??\c:\5ffrfxr.exec:\5ffrfxr.exe24⤵
- Executes dropped EXE
-
\??\c:\lxfrlfl.exec:\lxfrlfl.exe25⤵
- Executes dropped EXE
-
\??\c:\nhhtnh.exec:\nhhtnh.exe26⤵
- Executes dropped EXE
-
\??\c:\ntnbhb.exec:\ntnbhb.exe27⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe28⤵
- Executes dropped EXE
-
\??\c:\frflfxf.exec:\frflfxf.exe29⤵
- Executes dropped EXE
-
\??\c:\tbbtnb.exec:\tbbtnb.exe30⤵
- Executes dropped EXE
-
\??\c:\bnhnbt.exec:\bnhnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe32⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe33⤵
- Executes dropped EXE
-
\??\c:\9rfrxrf.exec:\9rfrxrf.exe34⤵
- Executes dropped EXE
-
\??\c:\htbbbt.exec:\htbbbt.exe35⤵
- Executes dropped EXE
-
\??\c:\3bnbnh.exec:\3bnbnh.exe36⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\7rxllff.exec:\7rxllff.exe39⤵
- Executes dropped EXE
-
\??\c:\ffflxlf.exec:\ffflxlf.exe40⤵
- Executes dropped EXE
-
\??\c:\7hhbnh.exec:\7hhbnh.exe41⤵
- Executes dropped EXE
-
\??\c:\bbnnnt.exec:\bbnnnt.exe42⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe43⤵
- Executes dropped EXE
-
\??\c:\pvdjj.exec:\pvdjj.exe44⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe45⤵
- Executes dropped EXE
-
\??\c:\1rrlfxx.exec:\1rrlfxx.exe46⤵
- Executes dropped EXE
-
\??\c:\frxllff.exec:\frxllff.exe47⤵
- Executes dropped EXE
-
\??\c:\nbhtbt.exec:\nbhtbt.exe48⤵
- Executes dropped EXE
-
\??\c:\7bhthb.exec:\7bhthb.exe49⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe50⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe51⤵
- Executes dropped EXE
-
\??\c:\3ffrxrx.exec:\3ffrxrx.exe52⤵
- Executes dropped EXE
-
\??\c:\hnnbhb.exec:\hnnbhb.exe53⤵
- Executes dropped EXE
-
\??\c:\vjpvv.exec:\vjpvv.exe54⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe55⤵
- Executes dropped EXE
-
\??\c:\frrflfr.exec:\frrflfr.exe56⤵
- Executes dropped EXE
-
\??\c:\frxxfxl.exec:\frxxfxl.exe57⤵
- Executes dropped EXE
-
\??\c:\tnthtb.exec:\tnthtb.exe58⤵
- Executes dropped EXE
-
\??\c:\bnhtbt.exec:\bnhtbt.exe59⤵
- Executes dropped EXE
-
\??\c:\3jvvd.exec:\3jvvd.exe60⤵
- Executes dropped EXE
-
\??\c:\7pjvd.exec:\7pjvd.exe61⤵
- Executes dropped EXE
-
\??\c:\rxlxxrl.exec:\rxlxxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrxlfx.exec:\lxrxlfx.exe63⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhntn.exec:\nhhntn.exe65⤵
- Executes dropped EXE
-
\??\c:\3pjdv.exec:\3pjdv.exe66⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe67⤵
-
\??\c:\1xxlxrl.exec:\1xxlxrl.exe68⤵
-
\??\c:\xrlflfr.exec:\xrlflfr.exe69⤵
-
\??\c:\bnhnht.exec:\bnhnht.exe70⤵
-
\??\c:\thhbth.exec:\thhbth.exe71⤵
-
\??\c:\3vpjp.exec:\3vpjp.exe72⤵
-
\??\c:\jddpj.exec:\jddpj.exe73⤵
-
\??\c:\rfrflfr.exec:\rfrflfr.exe74⤵
-
\??\c:\htbnnh.exec:\htbnnh.exe75⤵
-
\??\c:\thbtbt.exec:\thbtbt.exe76⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe77⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe78⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe79⤵
-
\??\c:\xxrxlfr.exec:\xxrxlfr.exe80⤵
-
\??\c:\frflrlx.exec:\frflrlx.exe81⤵
-
\??\c:\hbtnht.exec:\hbtnht.exe82⤵
-
\??\c:\thbtbb.exec:\thbtbb.exe83⤵
-
\??\c:\djdpd.exec:\djdpd.exe84⤵
-
\??\c:\ffflfll.exec:\ffflfll.exe85⤵
-
\??\c:\frlxrlx.exec:\frlxrlx.exe86⤵
-
\??\c:\lllxllx.exec:\lllxllx.exe87⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe88⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe89⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe90⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe91⤵
-
\??\c:\djvvv.exec:\djvvv.exe92⤵
-
\??\c:\xlflxfx.exec:\xlflxfx.exe93⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe94⤵
-
\??\c:\7hnhhb.exec:\7hnhhb.exe95⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe96⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe97⤵
-
\??\c:\xllxxll.exec:\xllxxll.exe98⤵
-
\??\c:\3xfxflx.exec:\3xfxflx.exe99⤵
-
\??\c:\tbbtht.exec:\tbbtht.exe100⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe101⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe102⤵
-
\??\c:\5xrlxrl.exec:\5xrlxrl.exe103⤵
-
\??\c:\rxrrffx.exec:\rxrrffx.exe104⤵
-
\??\c:\5rffrrx.exec:\5rffrrx.exe105⤵
-
\??\c:\thnttt.exec:\thnttt.exe106⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe107⤵
-
\??\c:\djpvv.exec:\djpvv.exe108⤵
-
\??\c:\rffrlfr.exec:\rffrlfr.exe109⤵
-
\??\c:\rlflfll.exec:\rlflfll.exe110⤵
-
\??\c:\ntnbth.exec:\ntnbth.exe111⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe112⤵
-
\??\c:\5jpdv.exec:\5jpdv.exe113⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe114⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe115⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe116⤵
-
\??\c:\bthnht.exec:\bthnht.exe117⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe118⤵
-
\??\c:\djvvv.exec:\djvvv.exe119⤵
-
\??\c:\lrfrxrx.exec:\lrfrxrx.exe120⤵
-
\??\c:\tbbhhb.exec:\tbbhhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-