Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19/09/2024, 04:41
General
-
Target
f9b57753d8a24987669f07e596989aec4c377eaeaf94fb639ea8cbaa6ca2cd47N.exe
-
Size
74KB
-
MD5
93bbf19da1860bd5e537ab11edeee0d0
-
SHA1
5e9c3ea3b0c64d659963147734a5c060b973e6fb
-
SHA256
f9b57753d8a24987669f07e596989aec4c377eaeaf94fb639ea8cbaa6ca2cd47
-
SHA512
a8c07f28f39e149af4bc8e8bdc6499c736c14bd58756b7c5785b4190bbebc2983f827826a63826381ef988fc3460f1625d928bd670a213cb7ce005bbf70d9825
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmP5O:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f9b57753d8a24987669f07e596989aec4c377eaeaf94fb639ea8cbaa6ca2cd47N.exe"C:\Users\Admin\AppData\Local\Temp\f9b57753d8a24987669f07e596989aec4c377eaeaf94fb639ea8cbaa6ca2cd47N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxlxr.exec:\fflxlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhtb.exec:\ttnhtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbb.exec:\tthnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrflx.exec:\xxrrflx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbh.exec:\hhnhbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvj.exec:\ddpvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxxl.exec:\ffffxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnthn.exec:\bbnthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jddj.exec:\5jddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnnn.exec:\hbhnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnntt.exec:\3tnntt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvpv.exec:\7jvpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlflf.exec:\lfrlflf.exe17⤵
- Executes dropped EXE
-
\??\c:\llllxrx.exec:\llllxrx.exe18⤵
- Executes dropped EXE
-
\??\c:\hbbntb.exec:\hbbntb.exe19⤵
- Executes dropped EXE
-
\??\c:\7pddp.exec:\7pddp.exe20⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe21⤵
- Executes dropped EXE
-
\??\c:\9rlxllr.exec:\9rlxllr.exe22⤵
- Executes dropped EXE
-
\??\c:\nhhtnb.exec:\nhhtnb.exe23⤵
- Executes dropped EXE
-
\??\c:\tbthht.exec:\tbthht.exe24⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe25⤵
- Executes dropped EXE
-
\??\c:\3rrllxl.exec:\3rrllxl.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlrxxf.exec:\rrlrxxf.exe27⤵
- Executes dropped EXE
-
\??\c:\hhntbn.exec:\hhntbn.exe28⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe29⤵
- Executes dropped EXE
-
\??\c:\1flrflr.exec:\1flrflr.exe30⤵
- Executes dropped EXE
-
\??\c:\tnnhbh.exec:\tnnhbh.exe31⤵
- Executes dropped EXE
-
\??\c:\hntnnb.exec:\hntnnb.exe32⤵
- Executes dropped EXE
-
\??\c:\1jdvj.exec:\1jdvj.exe33⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe34⤵
- Executes dropped EXE
-
\??\c:\xxflxxr.exec:\xxflxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\1xrllfl.exec:\1xrllfl.exe36⤵
- Executes dropped EXE
-
\??\c:\1httbb.exec:\1httbb.exe37⤵
- Executes dropped EXE
-
\??\c:\tbtnnh.exec:\tbtnnh.exe38⤵
- Executes dropped EXE
-
\??\c:\5jvpv.exec:\5jvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxxxflx.exec:\fxxxflx.exe41⤵
- Executes dropped EXE
-
\??\c:\9rrlfrr.exec:\9rrlfrr.exe42⤵
- Executes dropped EXE
-
\??\c:\1rlflff.exec:\1rlflff.exe43⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bthntt.exec:\bthntt.exe44⤵
- Executes dropped EXE
-
\??\c:\bthtbb.exec:\bthtbb.exe45⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe46⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrxflx.exec:\rlrxflx.exe48⤵
- Executes dropped EXE
-
\??\c:\flxxfrf.exec:\flxxfrf.exe49⤵
- Executes dropped EXE
-
\??\c:\httntb.exec:\httntb.exe50⤵
- Executes dropped EXE
-
\??\c:\bnhhht.exec:\bnhhht.exe51⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\7vppd.exec:\7vppd.exe53⤵
- Executes dropped EXE
-
\??\c:\xllxxfl.exec:\xllxxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\5nhhtt.exec:\5nhhtt.exe55⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\vjpvj.exec:\vjpvj.exe58⤵
- Executes dropped EXE
-
\??\c:\rfrllfl.exec:\rfrllfl.exe59⤵
- Executes dropped EXE
-
\??\c:\lxllrxl.exec:\lxllrxl.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxlxlr.exec:\rlxlxlr.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnttt.exec:\hbnttt.exe62⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\9vjjv.exec:\9vjjv.exe64⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe65⤵
- Executes dropped EXE
-
\??\c:\rxxflrl.exec:\rxxflrl.exe66⤵
-
\??\c:\lxlllfl.exec:\lxlllfl.exe67⤵
-
\??\c:\bnhthn.exec:\bnhthn.exe68⤵
-
\??\c:\nntthb.exec:\nntthb.exe69⤵
-
\??\c:\5pppp.exec:\5pppp.exe70⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe71⤵
-
\??\c:\7lrlrxf.exec:\7lrlrxf.exe72⤵
-
\??\c:\xlrlffr.exec:\xlrlffr.exe73⤵
-
\??\c:\nnbtth.exec:\nnbtth.exe74⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe75⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe76⤵
-
\??\c:\7xlflfl.exec:\7xlflfl.exe77⤵
-
\??\c:\frxflfl.exec:\frxflfl.exe78⤵
-
\??\c:\3lffffl.exec:\3lffffl.exe79⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe80⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe81⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe82⤵
-
\??\c:\xxrfflr.exec:\xxrfflr.exe83⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe84⤵
-
\??\c:\3nhtbb.exec:\3nhtbb.exe85⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe86⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe87⤵
-
\??\c:\xrfxffr.exec:\xrfxffr.exe88⤵
-
\??\c:\xlfflrx.exec:\xlfflrx.exe89⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe90⤵
-
\??\c:\nbtntb.exec:\nbtntb.exe91⤵
-
\??\c:\dddjp.exec:\dddjp.exe92⤵
-
\??\c:\rflxflr.exec:\rflxflr.exe93⤵
-
\??\c:\7rlxlrf.exec:\7rlxlrf.exe94⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe95⤵
-
\??\c:\7nhtbn.exec:\7nhtbn.exe96⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe97⤵
-
\??\c:\djdvj.exec:\djdvj.exe98⤵
-
\??\c:\xrfflrf.exec:\xrfflrf.exe99⤵
-
\??\c:\xlllflr.exec:\xlllflr.exe100⤵
-
\??\c:\nnhnhn.exec:\nnhnhn.exe101⤵
-
\??\c:\ttttht.exec:\ttttht.exe102⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe103⤵
-
\??\c:\xrrxlfl.exec:\xrrxlfl.exe104⤵
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe105⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe106⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe107⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe108⤵
-
\??\c:\jdppd.exec:\jdppd.exe109⤵
-
\??\c:\rxlxlxf.exec:\rxlxlxf.exe110⤵
-
\??\c:\ffflxxl.exec:\ffflxxl.exe111⤵
-
\??\c:\nhbttb.exec:\nhbttb.exe112⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe113⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe114⤵
-
\??\c:\xrrrxrr.exec:\xrrrxrr.exe115⤵
-
\??\c:\btthhb.exec:\btthhb.exe116⤵
-
\??\c:\hbhtbn.exec:\hbhtbn.exe117⤵
-
\??\c:\5vpvv.exec:\5vpvv.exe118⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe119⤵
-
\??\c:\5fxxffl.exec:\5fxxffl.exe120⤵
-
\??\c:\rxlrffl.exec:\rxlrffl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-