Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/09/2024, 02:49
General
-
Target
ea5eccc738a14b9b6e5739a4a49733abff57d7808bd3e201fb33e10e8b67fe80.exe
-
Size
366KB
-
MD5
552ba3f73a76dbb3e3e76196175c8388
-
SHA1
89c8d2d3e507dde876231f6cbf0b7b24b47e05a2
-
SHA256
ea5eccc738a14b9b6e5739a4a49733abff57d7808bd3e201fb33e10e8b67fe80
-
SHA512
723b9592b78fc8c67f683a61e72c3e396cad6329651a93a701ea6368a7608576c377be763e58a13d0889b14bafdb76e8c8174c00ed79259f271201836832bef3
-
SSDEEP
6144:n3C9BRo7tvnJ99T/KZEL3RUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFhz:n3C9ytvnVXFUXoSWlnwJv90aKToFqwfV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ea5eccc738a14b9b6e5739a4a49733abff57d7808bd3e201fb33e10e8b67fe80.exe"C:\Users\Admin\AppData\Local\Temp\ea5eccc738a14b9b6e5739a4a49733abff57d7808bd3e201fb33e10e8b67fe80.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxxl.exec:\fxfxxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththnn.exec:\ththnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvjd.exec:\1pvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdj.exec:\jvjdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntht.exec:\tnntht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddd.exec:\pdddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhb.exec:\btnhhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvj.exec:\5dvvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvp.exec:\ppvvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhhh.exec:\tbhhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppj.exec:\9pppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrllf.exec:\rlxrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntbtb.exec:\3ntbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpj.exec:\9jvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnhn.exec:\5ntnhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvjp.exec:\5pvjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thbnn.exec:\1thbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxr.exec:\fflfxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\7xxrlfx.exec:\7xxrlfx.exe25⤵
- Executes dropped EXE
-
\??\c:\fflfffx.exec:\fflfffx.exe26⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrlflf.exec:\xxrlflf.exe29⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe30⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe31⤵
- Executes dropped EXE
-
\??\c:\flrfxll.exec:\flrfxll.exe32⤵
- Executes dropped EXE
-
\??\c:\1xfrrxx.exec:\1xfrrxx.exe33⤵
- Executes dropped EXE
-
\??\c:\vdddp.exec:\vdddp.exe34⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\rfllffr.exec:\rfllffr.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe37⤵
- Executes dropped EXE
-
\??\c:\bbtnht.exec:\bbtnht.exe38⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrlffx.exec:\fxrlffx.exe40⤵
- Executes dropped EXE
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\nhhntn.exec:\nhhntn.exe42⤵
- Executes dropped EXE
-
\??\c:\7bbtnt.exec:\7bbtnt.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe44⤵
- Executes dropped EXE
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe46⤵
- Executes dropped EXE
-
\??\c:\5ntnbb.exec:\5ntnbb.exe47⤵
- Executes dropped EXE
-
\??\c:\1vdvj.exec:\1vdvj.exe48⤵
- Executes dropped EXE
-
\??\c:\ffllllr.exec:\ffllllr.exe49⤵
- Executes dropped EXE
-
\??\c:\hthnhh.exec:\hthnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnnbn.exec:\nhnnbn.exe51⤵
- Executes dropped EXE
-
\??\c:\9ddvv.exec:\9ddvv.exe52⤵
- Executes dropped EXE
-
\??\c:\xrffffl.exec:\xrffffl.exe53⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe54⤵
- Executes dropped EXE
-
\??\c:\rflfrrl.exec:\rflfrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\1nhhnn.exec:\1nhhnn.exe56⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe57⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\rrfxxlf.exec:\rrfxxlf.exe59⤵
- Executes dropped EXE
-
\??\c:\7rrlflf.exec:\7rrlflf.exe60⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe62⤵
- Executes dropped EXE
-
\??\c:\3xrlfxx.exec:\3xrlfxx.exe63⤵
- Executes dropped EXE
-
\??\c:\xflfllr.exec:\xflfllr.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\3jvpv.exec:\3jvpv.exe66⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe67⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe68⤵
-
\??\c:\9nhhhh.exec:\9nhhhh.exe69⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe70⤵
-
\??\c:\rflfxxr.exec:\rflfxxr.exe71⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe72⤵
-
\??\c:\1bbtnn.exec:\1bbtnn.exe73⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe74⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe75⤵
-
\??\c:\xflfffx.exec:\xflfffx.exe76⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe77⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe78⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe79⤵
-
\??\c:\fxrrlfr.exec:\fxrrlfr.exe80⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe81⤵
-
\??\c:\nbnnbn.exec:\nbnnbn.exe82⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe83⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe84⤵
-
\??\c:\3tbtnb.exec:\3tbtnb.exe85⤵
-
\??\c:\nthhtt.exec:\nthhtt.exe86⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe87⤵
-
\??\c:\1rxllff.exec:\1rxllff.exe88⤵
-
\??\c:\nhhhtb.exec:\nhhhtb.exe89⤵
-
\??\c:\7nhbnn.exec:\7nhbnn.exe90⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe91⤵
-
\??\c:\rflfrrr.exec:\rflfrrr.exe92⤵
-
\??\c:\btbtth.exec:\btbtth.exe93⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe94⤵
-
\??\c:\3xxxlxl.exec:\3xxxlxl.exe95⤵
-
\??\c:\9llxlfr.exec:\9llxlfr.exe96⤵
-
\??\c:\5hthtn.exec:\5hthtn.exe97⤵
-
\??\c:\5jjdd.exec:\5jjdd.exe98⤵
-
\??\c:\rrxrfxl.exec:\rrxrfxl.exe99⤵
-
\??\c:\frlxrxf.exec:\frlxrxf.exe100⤵
-
\??\c:\9hhnbt.exec:\9hhnbt.exe101⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe102⤵
-
\??\c:\9ffrfxl.exec:\9ffrfxl.exe103⤵
-
\??\c:\rxffflf.exec:\rxffflf.exe104⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe105⤵
-
\??\c:\djjdv.exec:\djjdv.exe106⤵
-
\??\c:\3rlrrlf.exec:\3rlrrlf.exe107⤵
-
\??\c:\5rrlxxr.exec:\5rrlxxr.exe108⤵
-
\??\c:\3hbhtn.exec:\3hbhtn.exe109⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe110⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe111⤵
-
\??\c:\9lrlrlr.exec:\9lrlrlr.exe112⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe113⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe114⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe115⤵
-
\??\c:\9rfxxxr.exec:\9rfxxxr.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thnhtn.exec:\thnhtn.exe117⤵
-
\??\c:\3vdpv.exec:\3vdpv.exe118⤵
-
\??\c:\9vpdp.exec:\9vpdp.exe119⤵
-
\??\c:\3rxrlfl.exec:\3rxrlfl.exe120⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-