Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/09/2024, 01:40
General
-
Target
bf871211542a3cb50a9416e388d28faf054e283471fac6eb2aef50cfe81a133a.exe
-
Size
71KB
-
MD5
3548a2c2431576b582b6f4f3451b6737
-
SHA1
2df1c2ff8bd949bc0e1b52c3809ab8bb4b5c6e4a
-
SHA256
bf871211542a3cb50a9416e388d28faf054e283471fac6eb2aef50cfe81a133a
-
SHA512
09e8d661bfd090a5e7318c6d88491176975c10ac77397140e2a472fb17f4df3b690c39ed9e5d12762d0c20e37909961b725244a5627677a38bf51b929367be91
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfju+:ymb3NkkiQ3mdBjFI4Vt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bf871211542a3cb50a9416e388d28faf054e283471fac6eb2aef50cfe81a133a.exe"C:\Users\Admin\AppData\Local\Temp\bf871211542a3cb50a9416e388d28faf054e283471fac6eb2aef50cfe81a133a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffxxx.exec:\rrffxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhhh.exec:\hnhhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntnn.exec:\hhntnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddd.exec:\pdddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfffr.exec:\xflfffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhhh.exec:\bbnhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbb.exec:\bthbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvj.exec:\vjvvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1flflrr.exec:\1flflrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbb.exec:\ttttbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvv.exec:\vvvvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxrr.exec:\rrxxxrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttbb.exec:\bhttbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfffff.exec:\fxfffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxr.exec:\lffxxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbh.exec:\btbbbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpvj.exec:\5vpvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlll.exec:\rrxrlll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlllr.exec:\rlrlllr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntnt.exec:\thntnt.exe23⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe24⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\fffffxf.exec:\fffffxf.exe26⤵
- Executes dropped EXE
-
\??\c:\fflllll.exec:\fflllll.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbhhh.exec:\bbbhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\bhnntb.exec:\bhnntb.exe29⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe30⤵
- Executes dropped EXE
-
\??\c:\rrxxfff.exec:\rrxxfff.exe31⤵
- Executes dropped EXE
-
\??\c:\9xffffl.exec:\9xffffl.exe32⤵
- Executes dropped EXE
-
\??\c:\5tbbtt.exec:\5tbbtt.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvjjv.exec:\vvjjv.exe34⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe36⤵
- Executes dropped EXE
-
\??\c:\llrrrxf.exec:\llrrrxf.exe37⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\rllxflf.exec:\rllxflf.exe39⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe40⤵
- Executes dropped EXE
-
\??\c:\rfllfxr.exec:\rfllfxr.exe41⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe42⤵
- Executes dropped EXE
-
\??\c:\9nhbbh.exec:\9nhbbh.exe43⤵
- Executes dropped EXE
-
\??\c:\3hbttt.exec:\3hbttt.exe44⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe46⤵
- Executes dropped EXE
-
\??\c:\bnhbbh.exec:\bnhbbh.exe47⤵
- Executes dropped EXE
-
\??\c:\nnbbbh.exec:\nnbbbh.exe48⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\dpdjd.exec:\dpdjd.exe50⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\flxrrrr.exec:\flxrrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\lxlxxff.exec:\lxlxxff.exe52⤵
- Executes dropped EXE
-
\??\c:\bbhbbh.exec:\bbhbbh.exe53⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe54⤵
- Executes dropped EXE
-
\??\c:\3vvpj.exec:\3vvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\llrrlll.exec:\llrrlll.exe56⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe57⤵
- Executes dropped EXE
-
\??\c:\7hnhhh.exec:\7hnhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe59⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe60⤵
- Executes dropped EXE
-
\??\c:\rrrrflf.exec:\rrrrflf.exe61⤵
- Executes dropped EXE
-
\??\c:\tttnnn.exec:\tttnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\nbnnhn.exec:\nbnnhn.exe63⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe64⤵
- Executes dropped EXE
-
\??\c:\nnbttb.exec:\nnbttb.exe65⤵
- Executes dropped EXE
-
\??\c:\bnhhhn.exec:\bnhhhn.exe66⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe67⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe68⤵
-
\??\c:\1lrrxff.exec:\1lrrxff.exe69⤵
-
\??\c:\bbnhnn.exec:\bbnhnn.exe70⤵
-
\??\c:\9htbnt.exec:\9htbnt.exe71⤵
-
\??\c:\1dddd.exec:\1dddd.exe72⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe73⤵
-
\??\c:\5rlfffx.exec:\5rlfffx.exe74⤵
-
\??\c:\bbhbbn.exec:\bbhbbn.exe75⤵
-
\??\c:\tttntt.exec:\tttntt.exe76⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe77⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe78⤵
-
\??\c:\5rxxflx.exec:\5rxxflx.exe79⤵
-
\??\c:\lllllrr.exec:\lllllrr.exe80⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe81⤵
-
\??\c:\dpppj.exec:\dpppj.exe82⤵
-
\??\c:\jpppj.exec:\jpppj.exe83⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe84⤵
-
\??\c:\rllllll.exec:\rllllll.exe85⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe86⤵
-
\??\c:\bnbhbb.exec:\bnbhbb.exe87⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe88⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe89⤵
-
\??\c:\llrrrxr.exec:\llrrrxr.exe90⤵
-
\??\c:\ththnh.exec:\ththnh.exe91⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe92⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe93⤵
-
\??\c:\xrrxxrf.exec:\xrrxxrf.exe94⤵
-
\??\c:\xxflfll.exec:\xxflfll.exe95⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe96⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe97⤵
-
\??\c:\djpvv.exec:\djpvv.exe98⤵
-
\??\c:\rrflllx.exec:\rrflllx.exe99⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe100⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe101⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe102⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe103⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe104⤵
-
\??\c:\fxffxfx.exec:\fxffxfx.exe105⤵
-
\??\c:\rllrrrr.exec:\rllrrrr.exe106⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe107⤵
-
\??\c:\9jppp.exec:\9jppp.exe108⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe109⤵
-
\??\c:\rxlfflr.exec:\rxlfflr.exe110⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe111⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe112⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe113⤵
-
\??\c:\dddpp.exec:\dddpp.exe114⤵
-
\??\c:\llrllrr.exec:\llrllrr.exe115⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe116⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe117⤵
-
\??\c:\1rlllrr.exec:\1rlllrr.exe118⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe119⤵
-
\??\c:\tnthbb.exec:\tnthbb.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppvvv.exec:\ppvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-