Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19-09-2024 05:37
General
-
Target
5c8febe6cfa4254758def157de243766a85a5d94b76301a987c328ceb88f4c76N.exe
-
Size
93KB
-
MD5
7c8bbac05092a7980d8791757ae39220
-
SHA1
bdd9dc98020e6b1cda4cde2f6ab8e1cff39f06ea
-
SHA256
5c8febe6cfa4254758def157de243766a85a5d94b76301a987c328ceb88f4c76
-
SHA512
54353045145b217fd48c08f0966bba7d40dce285a54503eb6476250e5d01fa4fe57909df13d1775ca0828c5e0e648253ba1d770d89f32b8eec93ad753dea5a1e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2lmf6g7xQ5s:ymb3NkkiQ3mdBjF+3TU20LQy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5c8febe6cfa4254758def157de243766a85a5d94b76301a987c328ceb88f4c76N.exe"C:\Users\Admin\AppData\Local\Temp\5c8febe6cfa4254758def157de243766a85a5d94b76301a987c328ceb88f4c76N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffff.exec:\rllffff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhnt.exec:\ttbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjp.exec:\jdpjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxr.exec:\lfffxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrrf.exec:\xrrrrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttttt.exec:\tttttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtb.exec:\nhhbtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxlll.exec:\xffxlll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfff.exec:\frrlfff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvd.exec:\jpdvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvd.exec:\dvvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffxr.exec:\rllffxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntnhh.exec:\9ntnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdp.exec:\dpvdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlllf.exec:\xrrlllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvv.exec:\ppjvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxrxxr.exec:\3lxrxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe23⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\5xxrrrr.exec:\5xxrrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\9flrlrl.exec:\9flrlrl.exe26⤵
- Executes dropped EXE
-
\??\c:\nntnhn.exec:\nntnhn.exe27⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe28⤵
- Executes dropped EXE
-
\??\c:\5pdvp.exec:\5pdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\9jpjd.exec:\9jpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe31⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe32⤵
- Executes dropped EXE
-
\??\c:\frxrlll.exec:\frxrlll.exe33⤵
- Executes dropped EXE
-
\??\c:\lrxxrxx.exec:\lrxxrxx.exe34⤵
- Executes dropped EXE
-
\??\c:\3tnnnt.exec:\3tnnnt.exe35⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe36⤵
- Executes dropped EXE
-
\??\c:\7xlfxxx.exec:\7xlfxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\bbnnnn.exec:\bbnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\ffrllxx.exec:\ffrllxx.exe39⤵
- Executes dropped EXE
-
\??\c:\frffrrr.exec:\frffrrr.exe40⤵
- Executes dropped EXE
-
\??\c:\9jvjd.exec:\9jvjd.exe41⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe42⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\1rxrllf.exec:\1rxrllf.exe44⤵
- Executes dropped EXE
-
\??\c:\thhhnn.exec:\thhhnn.exe45⤵
- Executes dropped EXE
-
\??\c:\9xlfxfx.exec:\9xlfxfx.exe46⤵
- Executes dropped EXE
-
\??\c:\3nnnhh.exec:\3nnnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\3hnhhh.exec:\3hnhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\5pvjj.exec:\5pvjj.exe49⤵
- Executes dropped EXE
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe50⤵
- Executes dropped EXE
-
\??\c:\frrffxx.exec:\frrffxx.exe51⤵
- Executes dropped EXE
-
\??\c:\7btnnh.exec:\7btnnh.exe52⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\3djdp.exec:\3djdp.exe54⤵
- Executes dropped EXE
-
\??\c:\lxrlffx.exec:\lxrlffx.exe55⤵
- Executes dropped EXE
-
\??\c:\3xxxrrr.exec:\3xxxrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\hhnnhh.exec:\hhnnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe60⤵
- Executes dropped EXE
-
\??\c:\rrlffff.exec:\rrlffff.exe61⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe63⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe64⤵
- Executes dropped EXE
-
\??\c:\3rllrrf.exec:\3rllrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\llxrfff.exec:\llxrfff.exe66⤵
-
\??\c:\bhntbh.exec:\bhntbh.exe67⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe68⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe69⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe70⤵
-
\??\c:\9vdjd.exec:\9vdjd.exe71⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddddv.exec:\ddddv.exe72⤵
-
\??\c:\lflfffl.exec:\lflfffl.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hntttt.exec:\hntttt.exe74⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe75⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe76⤵
-
\??\c:\7rxrlrx.exec:\7rxrlrx.exe77⤵
-
\??\c:\1flrrxx.exec:\1flrrxx.exe78⤵
-
\??\c:\bntntn.exec:\bntntn.exe79⤵
-
\??\c:\nntbbn.exec:\nntbbn.exe80⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe81⤵
-
\??\c:\lflllrr.exec:\lflllrr.exe82⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe83⤵
-
\??\c:\nbhhbh.exec:\nbhhbh.exe84⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe85⤵
-
\??\c:\pddjj.exec:\pddjj.exe86⤵
-
\??\c:\fllfxff.exec:\fllfxff.exe87⤵
-
\??\c:\9ffffll.exec:\9ffffll.exe88⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe89⤵
-
\??\c:\vppvv.exec:\vppvv.exe90⤵
-
\??\c:\7vjdv.exec:\7vjdv.exe91⤵
-
\??\c:\fffxrxx.exec:\fffxrxx.exe92⤵
-
\??\c:\rxxlffx.exec:\rxxlffx.exe93⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe94⤵
-
\??\c:\djvjd.exec:\djvjd.exe95⤵
-
\??\c:\pdppj.exec:\pdppj.exe96⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe97⤵
-
\??\c:\hhhnht.exec:\hhhnht.exe98⤵
-
\??\c:\1btnnn.exec:\1btnnn.exe99⤵
-
\??\c:\djpjd.exec:\djpjd.exe100⤵
-
\??\c:\xxrlllf.exec:\xxrlllf.exe101⤵
-
\??\c:\fxxxxxx.exec:\fxxxxxx.exe102⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe103⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe104⤵
-
\??\c:\jvddv.exec:\jvddv.exe105⤵
-
\??\c:\fllxxrr.exec:\fllxxrr.exe106⤵
-
\??\c:\ffxlfxl.exec:\ffxlfxl.exe107⤵
-
\??\c:\3tnntb.exec:\3tnntb.exe108⤵
-
\??\c:\3tbtnn.exec:\3tbtnn.exe109⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe110⤵
-
\??\c:\1rxfxff.exec:\1rxfxff.exe111⤵
-
\??\c:\lrrllll.exec:\lrrllll.exe112⤵
-
\??\c:\thhthh.exec:\thhthh.exe113⤵
-
\??\c:\btbbnb.exec:\btbbnb.exe114⤵
-
\??\c:\5dpdj.exec:\5dpdj.exe115⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe116⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe117⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe118⤵
-
\??\c:\djpjj.exec:\djpjj.exe119⤵
-
\??\c:\9xxxxff.exec:\9xxxxff.exe120⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-