Analysis
-
max time kernel
120s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25-09-2024 01:36
General
-
Target
c837311a224b8c64760a39229fa386eb6d8da16396d6f816cd0730b27e5b3739N.exe
-
Size
63KB
-
MD5
4858e14794f0f1bd7ecffe3985977150
-
SHA1
3d6e10d4cdf6ee172a84f7c64e4282c3b60fa441
-
SHA256
c837311a224b8c64760a39229fa386eb6d8da16396d6f816cd0730b27e5b3739
-
SHA512
d559610a3c23cfaf0f0b4fb2aa82263ec757e6a83a02ebcb44cdd18400e841d5f0cb69ced509b55a75d3ab3858c33db12626a00b891cc8949acf3062aee71b3d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJ44Hhhd8:ymb3NkkiQ3mdBjFILdhj8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c837311a224b8c64760a39229fa386eb6d8da16396d6f816cd0730b27e5b3739N.exe"C:\Users\Admin\AppData\Local\Temp\c837311a224b8c64760a39229fa386eb6d8da16396d6f816cd0730b27e5b3739N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvj.exec:\ppvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllfll.exec:\xxllfll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrrxxf.exec:\5xrrxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbthb.exec:\ttbthb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvd.exec:\pddvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fffxfx.exec:\1fffxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxrfx.exec:\xrlxrfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nttnt.exec:\7nttnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvv.exec:\ppdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjp.exec:\pvvjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllfff.exec:\llllfff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhbb.exec:\thhhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvj.exec:\dddvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxllf.exec:\frfxllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxrl.exec:\fffxxrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxrrl.exec:\rflxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtb.exec:\btbbtb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrfff.exec:\rrfrfff.exe23⤵
- Executes dropped EXE
-
\??\c:\ffffrrr.exec:\ffffrrr.exe24⤵
- Executes dropped EXE
-
\??\c:\5hhhbb.exec:\5hhhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\flffrxx.exec:\flffrxx.exe27⤵
- Executes dropped EXE
-
\??\c:\lrfrxfx.exec:\lrfrxfx.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\9ttbhn.exec:\9ttbhn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\fffxrrr.exec:\fffxrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\xxxxlrl.exec:\xxxxlrl.exe33⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\hbnbnh.exec:\hbnbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\7pdvp.exec:\7pdvp.exe36⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\flrlxlf.exec:\flrlxlf.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtttn.exec:\hbtttn.exe39⤵
- Executes dropped EXE
-
\??\c:\1nnhtb.exec:\1nnhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\9jjdj.exec:\9jjdj.exe41⤵
- Executes dropped EXE
-
\??\c:\1ppjd.exec:\1ppjd.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxrlll.exec:\xlxrlll.exe43⤵
- Executes dropped EXE
-
\??\c:\rllfxxx.exec:\rllfxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe45⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe46⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe47⤵
- Executes dropped EXE
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe48⤵
- Executes dropped EXE
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\hnnhhh.exec:\hnnhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnhtb.exec:\nhnhtb.exe51⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe52⤵
- Executes dropped EXE
-
\??\c:\9xrlfff.exec:\9xrlfff.exe53⤵
- Executes dropped EXE
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\7jvvv.exec:\7jvvv.exe56⤵
- Executes dropped EXE
-
\??\c:\ppvjv.exec:\ppvjv.exe57⤵
- Executes dropped EXE
-
\??\c:\rflxlff.exec:\rflxlff.exe58⤵
- Executes dropped EXE
-
\??\c:\xxfxrxr.exec:\xxfxrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\tnnhtn.exec:\tnnhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe62⤵
- Executes dropped EXE
-
\??\c:\9dvvj.exec:\9dvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\xrxlllr.exec:\xrxlllr.exe64⤵
- Executes dropped EXE
-
\??\c:\tbtnbh.exec:\tbtnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\9ppjv.exec:\9ppjv.exe66⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe67⤵
-
\??\c:\rflxlrl.exec:\rflxlrl.exe68⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe69⤵
-
\??\c:\bnhbhh.exec:\bnhbhh.exe70⤵
-
\??\c:\9dvdp.exec:\9dvdp.exe71⤵
-
\??\c:\xllllfl.exec:\xllllfl.exe72⤵
-
\??\c:\fxxrrxr.exec:\fxxrrxr.exe73⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe74⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe75⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe76⤵
-
\??\c:\lfxrxrx.exec:\lfxrxrx.exe77⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe78⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe79⤵
-
\??\c:\hnbnhn.exec:\hnbnhn.exe80⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe81⤵
-
\??\c:\1rxrrrx.exec:\1rxrrrx.exe82⤵
-
\??\c:\1xllllr.exec:\1xllllr.exe83⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe84⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe85⤵
-
\??\c:\hthtnn.exec:\hthtnn.exe86⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe87⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe88⤵
-
\??\c:\7rrfrlr.exec:\7rrfrlr.exe89⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe90⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe91⤵
-
\??\c:\thbthb.exec:\thbthb.exe92⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe93⤵
-
\??\c:\rrlrrff.exec:\rrlrrff.exe94⤵
-
\??\c:\frxrfff.exec:\frxrfff.exe95⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe96⤵
-
\??\c:\1bhtnt.exec:\1bhtnt.exe97⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe98⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe99⤵
-
\??\c:\3rlfllx.exec:\3rlfllx.exe100⤵
-
\??\c:\1btnhb.exec:\1btnhb.exe101⤵
-
\??\c:\5ntnhb.exec:\5ntnhb.exe102⤵
-
\??\c:\djdjd.exec:\djdjd.exe103⤵
-
\??\c:\9rrlxrl.exec:\9rrlxrl.exe104⤵
-
\??\c:\frlfxxx.exec:\frlfxxx.exe105⤵
-
\??\c:\tbhnnn.exec:\tbhnnn.exe106⤵
-
\??\c:\nttttn.exec:\nttttn.exe107⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe108⤵
-
\??\c:\5jpdp.exec:\5jpdp.exe109⤵
-
\??\c:\7rrlrxx.exec:\7rrlrxx.exe110⤵
-
\??\c:\hnnntn.exec:\hnnntn.exe111⤵
-
\??\c:\9hhhtt.exec:\9hhhtt.exe112⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe113⤵
-
\??\c:\fxfxlll.exec:\fxfxlll.exe114⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe115⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe116⤵
-
\??\c:\htbbhh.exec:\htbbhh.exe117⤵
-
\??\c:\7dvpv.exec:\7dvpv.exe118⤵
-
\??\c:\rxxrffr.exec:\rxxrffr.exe119⤵
-
\??\c:\xfffxrl.exec:\xfffxrl.exe120⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-