Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20/09/2024, 22:14
General
-
Target
db7daee704fcb1f5c09a91eb100edf7487bf2cf7c450f147db7442658a0f693aN.exe
-
Size
590KB
-
MD5
dae53a0132d9fda7de89607ef5351d80
-
SHA1
f667d33a61c10a433acab11bb7e4717f358d2eac
-
SHA256
db7daee704fcb1f5c09a91eb100edf7487bf2cf7c450f147db7442658a0f693a
-
SHA512
2aa4e87015e9b9d28933d913b302c15f99faf20dbba4864102579c38f34116475b4c8b5b2cf73c1d6945cd20fcf72813d4ee2d89209067229a8d15ff7fb4ce16
-
SSDEEP
6144:n3C9BRIj+ebjcSbcY+CaQdaFOY4iGFYtRdzzoyYxJAyfgayl:n3C9Lebz+xt4vFeFmgayl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\db7daee704fcb1f5c09a91eb100edf7487bf2cf7c450f147db7442658a0f693aN.exe"C:\Users\Admin\AppData\Local\Temp\db7daee704fcb1f5c09a91eb100edf7487bf2cf7c450f147db7442658a0f693aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjp.exec:\ddvjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrrx.exec:\lfxxrrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhn.exec:\hnnnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxl.exec:\lffxxxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbhnb.exec:\tbbhnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dppv.exec:\1dppv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxflrx.exec:\7xxflrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnbb.exec:\hbhnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjv.exec:\pddjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjpv.exec:\1pjpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjp.exec:\pddjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrfrxl.exec:\9xrfrxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhnn.exec:\htbhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlfflf.exec:\1xlfflf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvj.exec:\pvvvj.exe17⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe18⤵
- Executes dropped EXE
-
\??\c:\1lxfrrf.exec:\1lxfrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe20⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe21⤵
- Executes dropped EXE
-
\??\c:\hntbnt.exec:\hntbnt.exe22⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe23⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\rfllrrf.exec:\rfllrrf.exe25⤵
- Executes dropped EXE
-
\??\c:\9vddj.exec:\9vddj.exe26⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe27⤵
- Executes dropped EXE
-
\??\c:\5pjvd.exec:\5pjvd.exe28⤵
- Executes dropped EXE
-
\??\c:\bhntbt.exec:\bhntbt.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe31⤵
- Executes dropped EXE
-
\??\c:\thbhnt.exec:\thbhnt.exe32⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe33⤵
- Executes dropped EXE
-
\??\c:\xxlrlxf.exec:\xxlrlxf.exe34⤵
- Executes dropped EXE
-
\??\c:\1vppv.exec:\1vppv.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxfllr.exec:\rlxfllr.exe36⤵
- Executes dropped EXE
-
\??\c:\xllrrxf.exec:\xllrrxf.exe37⤵
- Executes dropped EXE
-
\??\c:\bthhnh.exec:\bthhnh.exe38⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe39⤵
- Executes dropped EXE
-
\??\c:\7vpvd.exec:\7vpvd.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lflxflx.exec:\lflxflx.exe41⤵
- Executes dropped EXE
-
\??\c:\5tbhnt.exec:\5tbhnt.exe42⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\1vjpp.exec:\1vjpp.exe44⤵
- Executes dropped EXE
-
\??\c:\xrflrfx.exec:\xrflrfx.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe46⤵
- Executes dropped EXE
-
\??\c:\hhhtbh.exec:\hhhtbh.exe47⤵
- Executes dropped EXE
-
\??\c:\5djjv.exec:\5djjv.exe48⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe49⤵
- Executes dropped EXE
-
\??\c:\frlxfll.exec:\frlxfll.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe51⤵
- Executes dropped EXE
-
\??\c:\ntbbhb.exec:\ntbbhb.exe52⤵
- Executes dropped EXE
-
\??\c:\5jvjv.exec:\5jvjv.exe53⤵
- Executes dropped EXE
-
\??\c:\9dddj.exec:\9dddj.exe54⤵
- Executes dropped EXE
-
\??\c:\lfrrfxl.exec:\lfrrfxl.exe55⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe56⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\9djjp.exec:\9djjp.exe58⤵
- Executes dropped EXE
-
\??\c:\xlxfllx.exec:\xlxfllx.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\btbhnb.exec:\btbhnb.exe61⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe62⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe63⤵
- Executes dropped EXE
-
\??\c:\xrllxfr.exec:\xrllxfr.exe64⤵
- Executes dropped EXE
-
\??\c:\llrrxff.exec:\llrrxff.exe65⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe66⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe67⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe68⤵
-
\??\c:\7lxlffl.exec:\7lxlffl.exe69⤵
-
\??\c:\btntbt.exec:\btntbt.exe70⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe71⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe72⤵
-
\??\c:\jjddp.exec:\jjddp.exe73⤵
-
\??\c:\9xflrfl.exec:\9xflrfl.exe74⤵
-
\??\c:\hhbbth.exec:\hhbbth.exe75⤵
-
\??\c:\9btttt.exec:\9btttt.exe76⤵
-
\??\c:\ppddv.exec:\ppddv.exe77⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe78⤵
-
\??\c:\7lflrfl.exec:\7lflrfl.exe79⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe80⤵
-
\??\c:\btnttb.exec:\btnttb.exe81⤵
-
\??\c:\7jdpp.exec:\7jdpp.exe82⤵
-
\??\c:\jjddd.exec:\jjddd.exe83⤵
-
\??\c:\3lxflll.exec:\3lxflll.exe84⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe85⤵
-
\??\c:\nhnbbh.exec:\nhnbbh.exe86⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe87⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe88⤵
-
\??\c:\ffffrrx.exec:\ffffrrx.exe89⤵
-
\??\c:\thtbhb.exec:\thtbhb.exe90⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe91⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe92⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe93⤵
-
\??\c:\7xrxlxl.exec:\7xrxlxl.exe94⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe95⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe96⤵
-
\??\c:\bhbbhn.exec:\bhbbhn.exe97⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe98⤵
-
\??\c:\ffrxflr.exec:\ffrxflr.exe99⤵
-
\??\c:\xfrrxxf.exec:\xfrrxxf.exe100⤵
-
\??\c:\bthttt.exec:\bthttt.exe101⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe102⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe103⤵
-
\??\c:\flfrlxf.exec:\flfrlxf.exe104⤵
-
\??\c:\9fxxfff.exec:\9fxxfff.exe105⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe106⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe107⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe108⤵
-
\??\c:\fxlxlxf.exec:\fxlxlxf.exe109⤵
-
\??\c:\xrfflxl.exec:\xrfflxl.exe110⤵
-
\??\c:\7bnnhn.exec:\7bnnhn.exe111⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe112⤵
-
\??\c:\rlfflff.exec:\rlfflff.exe113⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe114⤵
-
\??\c:\3tbhnb.exec:\3tbhnb.exe115⤵
-
\??\c:\3pddd.exec:\3pddd.exe116⤵
-
\??\c:\1frxfxl.exec:\1frxfxl.exe117⤵
-
\??\c:\thtbhn.exec:\thtbhn.exe118⤵
-
\??\c:\1jvvj.exec:\1jvvj.exe119⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe120⤵
-
\??\c:\bhttbh.exec:\bhttbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-