Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
19-09-2024 05:37
General
-
Target
5c8febe6cfa4254758def157de243766a85a5d94b76301a987c328ceb88f4c76N.exe
-
Size
93KB
-
MD5
7c8bbac05092a7980d8791757ae39220
-
SHA1
bdd9dc98020e6b1cda4cde2f6ab8e1cff39f06ea
-
SHA256
5c8febe6cfa4254758def157de243766a85a5d94b76301a987c328ceb88f4c76
-
SHA512
54353045145b217fd48c08f0966bba7d40dce285a54503eb6476250e5d01fa4fe57909df13d1775ca0828c5e0e648253ba1d770d89f32b8eec93ad753dea5a1e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2lmf6g7xQ5s:ymb3NkkiQ3mdBjF+3TU20LQy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5c8febe6cfa4254758def157de243766a85a5d94b76301a987c328ceb88f4c76N.exe"C:\Users\Admin\AppData\Local\Temp\5c8febe6cfa4254758def157de243766a85a5d94b76301a987c328ceb88f4c76N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lffllrr.exec:\lffllrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxfxf.exec:\xrrxfxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllrlr.exec:\lxllrlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttn.exec:\hnbttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvjp.exec:\1pvjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflxxl.exec:\llflxxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxxfx.exec:\rfrxxfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthh.exec:\btnthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vddv.exec:\1vddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvdp.exec:\1dvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffrxx.exec:\lxffrxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnthh.exec:\ttnthh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe17⤵
- Executes dropped EXE
-
\??\c:\1fllllr.exec:\1fllllr.exe18⤵
- Executes dropped EXE
-
\??\c:\xrxxllx.exec:\xrxxllx.exe19⤵
- Executes dropped EXE
-
\??\c:\nhthht.exec:\nhthht.exe20⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe21⤵
- Executes dropped EXE
-
\??\c:\5jppv.exec:\5jppv.exe22⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe23⤵
- Executes dropped EXE
-
\??\c:\7frxffl.exec:\7frxffl.exe24⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe25⤵
- Executes dropped EXE
-
\??\c:\9ttbhn.exec:\9ttbhn.exe26⤵
- Executes dropped EXE
-
\??\c:\tnthnn.exec:\tnthnn.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dpvvp.exec:\dpvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\rrlrffl.exec:\rrlrffl.exe29⤵
- Executes dropped EXE
-
\??\c:\3llrfrx.exec:\3llrfrx.exe30⤵
- Executes dropped EXE
-
\??\c:\3tnnnt.exec:\3tnnnt.exe31⤵
- Executes dropped EXE
-
\??\c:\nnnhnn.exec:\nnnhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe33⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\lxffxrl.exec:\lxffxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\rfxxxrx.exec:\rfxxxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\9htbhh.exec:\9htbhh.exe38⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe40⤵
- Executes dropped EXE
-
\??\c:\rlrxlrf.exec:\rlrxlrf.exe41⤵
- Executes dropped EXE
-
\??\c:\llxrffl.exec:\llxrffl.exe42⤵
- Executes dropped EXE
-
\??\c:\ttnhnt.exec:\ttnhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe44⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe45⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe46⤵
- Executes dropped EXE
-
\??\c:\3rfrxff.exec:\3rfrxff.exe47⤵
- Executes dropped EXE
-
\??\c:\thnthb.exec:\thnthb.exe48⤵
- Executes dropped EXE
-
\??\c:\thnnnh.exec:\thnnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\1jvpp.exec:\1jvpp.exe51⤵
- Executes dropped EXE
-
\??\c:\lflrxfl.exec:\lflrxfl.exe52⤵
- Executes dropped EXE
-
\??\c:\xrlxllr.exec:\xrlxllr.exe53⤵
- Executes dropped EXE
-
\??\c:\nhnthh.exec:\nhnthh.exe54⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe55⤵
- Executes dropped EXE
-
\??\c:\7jjpp.exec:\7jjpp.exe56⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe57⤵
- Executes dropped EXE
-
\??\c:\3xllrxl.exec:\3xllrxl.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe59⤵
- Executes dropped EXE
-
\??\c:\nhthhn.exec:\nhthhn.exe60⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe61⤵
- Executes dropped EXE
-
\??\c:\1ppvv.exec:\1ppvv.exe62⤵
- Executes dropped EXE
-
\??\c:\fxffrrx.exec:\fxffrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\frxffll.exec:\frxffll.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbhbn.exec:\tnbhbn.exe65⤵
- Executes dropped EXE
-
\??\c:\bnnnbh.exec:\bnnnbh.exe66⤵
-
\??\c:\rrlrflr.exec:\rrlrflr.exe67⤵
-
\??\c:\frxxfxf.exec:\frxxfxf.exe68⤵
-
\??\c:\nnbthn.exec:\nnbthn.exe69⤵
-
\??\c:\hhbhnb.exec:\hhbhnb.exe70⤵
-
\??\c:\9jvdd.exec:\9jvdd.exe71⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlxfrrx.exec:\xlxfrrx.exe73⤵
-
\??\c:\3lxfrlf.exec:\3lxfrlf.exe74⤵
-
\??\c:\3bbbhn.exec:\3bbbhn.exe75⤵
-
\??\c:\3tnthb.exec:\3tnthb.exe76⤵
-
\??\c:\9bntbh.exec:\9bntbh.exe77⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe78⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe79⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe80⤵
-
\??\c:\xxlxxfl.exec:\xxlxxfl.exe81⤵
-
\??\c:\1nhttt.exec:\1nhttt.exe82⤵
-
\??\c:\7ntttn.exec:\7ntttn.exe83⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe84⤵
-
\??\c:\5vjdd.exec:\5vjdd.exe85⤵
-
\??\c:\1xlxlrr.exec:\1xlxlrr.exe86⤵
-
\??\c:\3ffxfxx.exec:\3ffxfxx.exe87⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe88⤵
-
\??\c:\hhbttn.exec:\hhbttn.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jddvv.exec:\jddvv.exe90⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe91⤵
-
\??\c:\9xfrrrx.exec:\9xfrrrx.exe92⤵
-
\??\c:\xlrlrff.exec:\xlrlrff.exe93⤵
-
\??\c:\lxffxxf.exec:\lxffxxf.exe94⤵
-
\??\c:\bhnhnb.exec:\bhnhnb.exe95⤵
-
\??\c:\thnnth.exec:\thnnth.exe96⤵
-
\??\c:\3vpdd.exec:\3vpdd.exe97⤵
-
\??\c:\pdddv.exec:\pdddv.exe98⤵
-
\??\c:\9vpvv.exec:\9vpvv.exe99⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe100⤵
-
\??\c:\xlllxrx.exec:\xlllxrx.exe101⤵
-
\??\c:\1fxffxf.exec:\1fxffxf.exe102⤵
-
\??\c:\5hntth.exec:\5hntth.exe103⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe104⤵
-
\??\c:\9pjpp.exec:\9pjpp.exe105⤵
-
\??\c:\7vppj.exec:\7vppj.exe106⤵
-
\??\c:\frxxxrr.exec:\frxxxrr.exe107⤵
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe108⤵
-
\??\c:\fxrfflr.exec:\fxrfflr.exe109⤵
-
\??\c:\ntnntt.exec:\ntnntt.exe110⤵
-
\??\c:\3bnhhb.exec:\3bnhhb.exe111⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe112⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe113⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe114⤵
-
\??\c:\frxrrll.exec:\frxrrll.exe115⤵
-
\??\c:\7rlrrrr.exec:\7rlrrrr.exe116⤵
-
\??\c:\3nhhht.exec:\3nhhht.exe117⤵
-
\??\c:\hbnnnb.exec:\hbnnnb.exe118⤵
-
\??\c:\nbbhnn.exec:\nbbhnn.exe119⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe120⤵
-
\??\c:\vvppv.exec:\vvppv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-