Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20-09-2024 22:14
General
-
Target
db7daee704fcb1f5c09a91eb100edf7487bf2cf7c450f147db7442658a0f693aN.exe
-
Size
590KB
-
MD5
dae53a0132d9fda7de89607ef5351d80
-
SHA1
f667d33a61c10a433acab11bb7e4717f358d2eac
-
SHA256
db7daee704fcb1f5c09a91eb100edf7487bf2cf7c450f147db7442658a0f693a
-
SHA512
2aa4e87015e9b9d28933d913b302c15f99faf20dbba4864102579c38f34116475b4c8b5b2cf73c1d6945cd20fcf72813d4ee2d89209067229a8d15ff7fb4ce16
-
SSDEEP
6144:n3C9BRIj+ebjcSbcY+CaQdaFOY4iGFYtRdzzoyYxJAyfgayl:n3C9Lebz+xt4vFeFmgayl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\db7daee704fcb1f5c09a91eb100edf7487bf2cf7c450f147db7442658a0f693aN.exe"C:\Users\Admin\AppData\Local\Temp\db7daee704fcb1f5c09a91eb100edf7487bf2cf7c450f147db7442658a0f693aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrrxx.exec:\1xxrrxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttn.exec:\tntttn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrlf.exec:\llfxrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnntt.exec:\nnnntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjdv.exec:\9jjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxx.exec:\lllfxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllxxf.exec:\xfllxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtbh.exec:\hbbtbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflffxx.exec:\lflffxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhn.exec:\hhtnhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdv.exec:\1djdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllffx.exec:\lfllffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhhh.exec:\thhhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppj.exec:\jdppj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrxr.exec:\rffxrxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrlff.exec:\xfxrlff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnh.exec:\hhnnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe24⤵
- Executes dropped EXE
-
\??\c:\1xrrllf.exec:\1xrrllf.exe25⤵
- Executes dropped EXE
-
\??\c:\llrlfxx.exec:\llrlfxx.exe26⤵
- Executes dropped EXE
-
\??\c:\tnnhhh.exec:\tnnhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe29⤵
- Executes dropped EXE
-
\??\c:\rrfxxrx.exec:\rrfxxrx.exe30⤵
- Executes dropped EXE
-
\??\c:\bbbtnt.exec:\bbbtnt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe32⤵
- Executes dropped EXE
-
\??\c:\9pvdd.exec:\9pvdd.exe33⤵
- Executes dropped EXE
-
\??\c:\flxfxxl.exec:\flxfxxl.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe36⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhhht.exec:\tnhhht.exe39⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe41⤵
- Executes dropped EXE
-
\??\c:\xxllrrx.exec:\xxllrrx.exe42⤵
- Executes dropped EXE
-
\??\c:\3xrlffx.exec:\3xrlffx.exe43⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe44⤵
- Executes dropped EXE
-
\??\c:\vvppv.exec:\vvppv.exe45⤵
- Executes dropped EXE
-
\??\c:\xrxxfff.exec:\xrxxfff.exe46⤵
- Executes dropped EXE
-
\??\c:\9llfxll.exec:\9llfxll.exe47⤵
- Executes dropped EXE
-
\??\c:\1nhbtt.exec:\1nhbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe49⤵
- Executes dropped EXE
-
\??\c:\1vddj.exec:\1vddj.exe50⤵
- Executes dropped EXE
-
\??\c:\fflrlrl.exec:\fflrlrl.exe51⤵
- Executes dropped EXE
-
\??\c:\hbnhhh.exec:\hbnhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhhbt.exec:\hhhhbt.exe53⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\rxfrffx.exec:\rxfrffx.exe55⤵
- Executes dropped EXE
-
\??\c:\1bnhhh.exec:\1bnhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\bhnhbh.exec:\bhnhbh.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe58⤵
- Executes dropped EXE
-
\??\c:\bbbtth.exec:\bbbtth.exe59⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\5fllffx.exec:\5fllffx.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxlxxr.exec:\xrxlxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\nnhhbt.exec:\nnhhbt.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe64⤵
- Executes dropped EXE
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\fxrlffx.exec:\fxrlffx.exe66⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe67⤵
-
\??\c:\7pppp.exec:\7pppp.exe68⤵
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe69⤵
-
\??\c:\fffxrlf.exec:\fffxrlf.exe70⤵
-
\??\c:\9nhhbb.exec:\9nhhbb.exe71⤵
-
\??\c:\dppjd.exec:\dppjd.exe72⤵
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe73⤵
-
\??\c:\fflxxxr.exec:\fflxxxr.exe74⤵
-
\??\c:\thntnh.exec:\thntnh.exe75⤵
-
\??\c:\jdddd.exec:\jdddd.exe76⤵
-
\??\c:\3xfrllf.exec:\3xfrllf.exe77⤵
-
\??\c:\9ttnbb.exec:\9ttnbb.exe78⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe79⤵
-
\??\c:\rrlffxx.exec:\rrlffxx.exe80⤵
-
\??\c:\btnbhb.exec:\btnbhb.exe81⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe82⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe83⤵
-
\??\c:\9frffxf.exec:\9frffxf.exe84⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe85⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe86⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe87⤵
-
\??\c:\rxxrxxr.exec:\rxxrxxr.exe88⤵
-
\??\c:\5tbttt.exec:\5tbttt.exe89⤵
-
\??\c:\9hhhbt.exec:\9hhhbt.exe90⤵
-
\??\c:\pjppp.exec:\pjppp.exe91⤵
-
\??\c:\fxlflfl.exec:\fxlflfl.exe92⤵
-
\??\c:\7nnbtt.exec:\7nnbtt.exe93⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe94⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe95⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe96⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe97⤵
-
\??\c:\9bbntt.exec:\9bbntt.exe98⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe99⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe100⤵
-
\??\c:\xxllrrf.exec:\xxllrrf.exe101⤵
-
\??\c:\9nnnnn.exec:\9nnnnn.exe102⤵
-
\??\c:\5djjd.exec:\5djjd.exe103⤵
-
\??\c:\flrrffx.exec:\flrrffx.exe104⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe105⤵
-
\??\c:\lffffff.exec:\lffffff.exe106⤵
-
\??\c:\3nnnnn.exec:\3nnnnn.exe107⤵
-
\??\c:\vvppv.exec:\vvppv.exe108⤵
-
\??\c:\5xfxxxx.exec:\5xfxxxx.exe109⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe110⤵
-
\??\c:\nnbtbt.exec:\nnbtbt.exe111⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe112⤵
-
\??\c:\5tnbnh.exec:\5tnbnh.exe113⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe114⤵
-
\??\c:\rlfxfxf.exec:\rlfxfxf.exe115⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe116⤵
-
\??\c:\3htbtt.exec:\3htbtt.exe117⤵
-
\??\c:\5djdd.exec:\5djdd.exe118⤵
-
\??\c:\flxrlfx.exec:\flxrlfx.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\htbtnh.exec:\htbtnh.exe120⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-