Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25-09-2024 05:20
General
-
Target
8b7bafccbe2843d2808c1dbc99c059fb12db5fe650b4901cc80dec521a57c5c7N.exe
-
Size
82KB
-
MD5
646462650ef09a5934afdd3a59580db0
-
SHA1
101cb20d74cf74724941662c0ca64863a14b4ad1
-
SHA256
8b7bafccbe2843d2808c1dbc99c059fb12db5fe650b4901cc80dec521a57c5c7
-
SHA512
3853f23078ec8a600e2d42ddd5eb652e20feaa58319974ad013174b9f3ab677117a04b6833074e27e9ab0fdbe6d6690cc853f017292e91af97e56a01fc738055
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89L:ymb3NkkiQ3mdBjFIIp9L9QrrA8l
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8b7bafccbe2843d2808c1dbc99c059fb12db5fe650b4901cc80dec521a57c5c7N.exe"C:\Users\Admin\AppData\Local\Temp\8b7bafccbe2843d2808c1dbc99c059fb12db5fe650b4901cc80dec521a57c5c7N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjd.exec:\pvpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llfxfx.exec:\7llfxfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbnn.exec:\5thbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfxl.exec:\xlrlfxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhh.exec:\thnnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrrx.exec:\lfxlrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvv.exec:\vpvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnnh.exec:\nbhnnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnh.exec:\thbtnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlfrr.exec:\rrxlfrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrfr.exec:\lfffrfr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhbh.exec:\bbhhbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddd.exec:\pdddd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llfxxr.exec:\7llfxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbtt.exec:\nthbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllfff.exec:\frllfff.exe23⤵
- Executes dropped EXE
-
\??\c:\btntnh.exec:\btntnh.exe24⤵
- Executes dropped EXE
-
\??\c:\1fxlxxr.exec:\1fxlxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\5bhbbt.exec:\5bhbbt.exe26⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\fffxffx.exec:\fffxffx.exe28⤵
- Executes dropped EXE
-
\??\c:\frrlffr.exec:\frrlffr.exe29⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\frflfff.exec:\frflfff.exe32⤵
- Executes dropped EXE
-
\??\c:\bttttb.exec:\bttttb.exe33⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe34⤵
- Executes dropped EXE
-
\??\c:\rllxlfr.exec:\rllxlfr.exe35⤵
- Executes dropped EXE
-
\??\c:\9hbthh.exec:\9hbthh.exe36⤵
- Executes dropped EXE
-
\??\c:\btnbnn.exec:\btnbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe38⤵
- Executes dropped EXE
-
\??\c:\3lxrffx.exec:\3lxrffx.exe39⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe40⤵
- Executes dropped EXE
-
\??\c:\bnhhtt.exec:\bnhhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe42⤵
- Executes dropped EXE
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\ffxxrrl.exec:\ffxxrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\nbbnhb.exec:\nbbnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\nbbnbb.exec:\nbbnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe47⤵
- Executes dropped EXE
-
\??\c:\lxfxlfx.exec:\lxfxlfx.exe48⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe49⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlxfxr.exec:\xxlxfxr.exe52⤵
- Executes dropped EXE
-
\??\c:\rfxfflr.exec:\rfxfflr.exe53⤵
- Executes dropped EXE
-
\??\c:\htthbt.exec:\htthbt.exe54⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe55⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe56⤵
- Executes dropped EXE
-
\??\c:\5fxlxrl.exec:\5fxlxrl.exe57⤵
- Executes dropped EXE
-
\??\c:\9thbnh.exec:\9thbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\fxxrlrf.exec:\fxxrlrf.exe61⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\9tthtn.exec:\9tthtn.exe63⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe64⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe65⤵
- Executes dropped EXE
-
\??\c:\fllxrlf.exec:\fllxrlf.exe66⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe67⤵
-
\??\c:\rflxrlx.exec:\rflxrlx.exe68⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe69⤵
-
\??\c:\tnbhht.exec:\tnbhht.exe70⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe71⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe72⤵
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe73⤵
-
\??\c:\3nhbtt.exec:\3nhbtt.exe74⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe75⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe76⤵
-
\??\c:\rfrlxxr.exec:\rfrlxxr.exe77⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe78⤵
-
\??\c:\jddvp.exec:\jddvp.exe79⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe80⤵
-
\??\c:\fxfxlrr.exec:\fxfxlrr.exe81⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe82⤵
-
\??\c:\7bhhhh.exec:\7bhhhh.exe83⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe84⤵
-
\??\c:\lfllfll.exec:\lfllfll.exe85⤵
-
\??\c:\3flrfff.exec:\3flrfff.exe86⤵
-
\??\c:\nntntt.exec:\nntntt.exe87⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe88⤵
-
\??\c:\dpddp.exec:\dpddp.exe89⤵
-
\??\c:\lrlffrx.exec:\lrlffrx.exe90⤵
-
\??\c:\ffrrllf.exec:\ffrrllf.exe91⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe92⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe93⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe94⤵
-
\??\c:\lxflfff.exec:\lxflfff.exe95⤵
-
\??\c:\lrffrrr.exec:\lrffrrr.exe96⤵
-
\??\c:\ththbt.exec:\ththbt.exe97⤵
-
\??\c:\tntthh.exec:\tntthh.exe98⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe99⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe100⤵
-
\??\c:\lrrllxl.exec:\lrrllxl.exe101⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe102⤵
-
\??\c:\thhtbt.exec:\thhtbt.exe103⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe104⤵
-
\??\c:\djjvj.exec:\djjvj.exe105⤵
-
\??\c:\7rxrllf.exec:\7rxrllf.exe106⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe107⤵
-
\??\c:\hnbnnb.exec:\hnbnnb.exe108⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe109⤵
-
\??\c:\1vjvj.exec:\1vjvj.exe110⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe111⤵
-
\??\c:\xflxlfx.exec:\xflxlfx.exe112⤵
-
\??\c:\9bnhtt.exec:\9bnhtt.exe113⤵
-
\??\c:\1lfrfxr.exec:\1lfrfxr.exe114⤵
-
\??\c:\5fxrfxr.exec:\5fxrfxr.exe115⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe116⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe117⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe118⤵
-
\??\c:\xrlrlff.exec:\xrlrlff.exe119⤵
-
\??\c:\lxflrrl.exec:\lxflrrl.exe120⤵
-
\??\c:\5hhthb.exec:\5hhthb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-