Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
28-09-2024 03:58
General
-
Target
83638009768b9afffd2e650df3363fd1061ff700c965e4206adcbd9e2d3d92e3N.exe
-
Size
230KB
-
MD5
206d60f3a0dcf6796c167b145e8561b0
-
SHA1
af7bef0f3026a8850b1531afdfd3538d73e4437a
-
SHA256
83638009768b9afffd2e650df3363fd1061ff700c965e4206adcbd9e2d3d92e3
-
SHA512
5a2f9fc274b8b049afd58e476752e99607fc07f15963d606d498d22d64c7715a57650e1ca4e589e2cac043b1fa13b1ee79dbb724d69ec036e686218e2c0c55d2
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLjBeG+4:n3C9BRo7MlrWKo+lxKf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\83638009768b9afffd2e650df3363fd1061ff700c965e4206adcbd9e2d3d92e3N.exe"C:\Users\Admin\AppData\Local\Temp\83638009768b9afffd2e650df3363fd1061ff700c965e4206adcbd9e2d3d92e3N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddp.exec:\vdddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjj.exec:\vpvjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxrr.exec:\xxfxxrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhnth.exec:\tbhnth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlffll.exec:\rxlffll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxffxf.exec:\ffxffxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflllrr.exec:\xflllrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhb.exec:\hbhhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbtbb.exec:\1bbtbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvp.exec:\dpdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjd.exec:\9vpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnn.exec:\btbtnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhtbt.exec:\nbhtbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjp.exec:\vjpjp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxx.exec:\rfffxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxlxr.exec:\rxlxlxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhtnn.exec:\nbhtnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhnhn.exec:\1nhnhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpjd.exec:\3jpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrrlll.exec:\rlrrlll.exe25⤵
- Executes dropped EXE
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe26⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe27⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\nntntb.exec:\nntntb.exe29⤵
- Executes dropped EXE
-
\??\c:\hnttnn.exec:\hnttnn.exe30⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lxrxxfl.exec:\lxrxxfl.exe32⤵
- Executes dropped EXE
-
\??\c:\tntntn.exec:\tntntn.exe33⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe34⤵
- Executes dropped EXE
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\3ffxfxf.exec:\3ffxfxf.exe36⤵
- Executes dropped EXE
-
\??\c:\bnhtnn.exec:\bnhtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnhnh.exec:\nhnhnh.exe38⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe39⤵
- Executes dropped EXE
-
\??\c:\lxrlfxl.exec:\lxrlfxl.exe40⤵
- Executes dropped EXE
-
\??\c:\rrxxrff.exec:\rrxxrff.exe41⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\tnhbtb.exec:\tnhbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe44⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\7ffxrrf.exec:\7ffxrrf.exe47⤵
- Executes dropped EXE
-
\??\c:\ttnhbt.exec:\ttnhbt.exe48⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe49⤵
- Executes dropped EXE
-
\??\c:\1djvj.exec:\1djvj.exe50⤵
- Executes dropped EXE
-
\??\c:\fxfxfff.exec:\fxfxfff.exe51⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe53⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe54⤵
- Executes dropped EXE
-
\??\c:\5rxrllf.exec:\5rxrllf.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe58⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe59⤵
- Executes dropped EXE
-
\??\c:\lxfxllf.exec:\lxfxllf.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxfxfx.exec:\rlxfxfx.exe61⤵
- Executes dropped EXE
-
\??\c:\thnhbn.exec:\thnhbn.exe62⤵
- Executes dropped EXE
-
\??\c:\9vpvp.exec:\9vpvp.exe63⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhbbt.exec:\tnhbbt.exe66⤵
-
\??\c:\tthnnb.exec:\tthnnb.exe67⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe68⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe69⤵
-
\??\c:\9rrlxxx.exec:\9rrlxxx.exe70⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe71⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe72⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe73⤵
-
\??\c:\rrxrlfr.exec:\rrxrlfr.exe74⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe75⤵
-
\??\c:\tbhbnn.exec:\tbhbnn.exe76⤵
-
\??\c:\vppjv.exec:\vppjv.exe77⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe78⤵
-
\??\c:\fxlxfxf.exec:\fxlxfxf.exe79⤵
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe80⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe81⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe82⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe83⤵
-
\??\c:\rllfllr.exec:\rllfllr.exe84⤵
-
\??\c:\rxfffxx.exec:\rxfffxx.exe85⤵
-
\??\c:\tnnbbb.exec:\tnnbbb.exe86⤵
-
\??\c:\jvddv.exec:\jvddv.exe87⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe88⤵
-
\??\c:\rflfxrr.exec:\rflfxrr.exe89⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe90⤵
-
\??\c:\jddpj.exec:\jddpj.exe91⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe92⤵
-
\??\c:\rlfxlll.exec:\rlfxlll.exe93⤵
-
\??\c:\tthbtn.exec:\tthbtn.exe94⤵
-
\??\c:\1ttnhb.exec:\1ttnhb.exe95⤵
-
\??\c:\jppdp.exec:\jppdp.exe96⤵
-
\??\c:\3lrlffx.exec:\3lrlffx.exe97⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe98⤵
-
\??\c:\bnnbnn.exec:\bnnbnn.exe99⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe100⤵
-
\??\c:\rffxxxr.exec:\rffxxxr.exe101⤵
-
\??\c:\9fxlxrf.exec:\9fxlxrf.exe102⤵
-
\??\c:\tntntn.exec:\tntntn.exe103⤵
-
\??\c:\9nthtt.exec:\9nthtt.exe104⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe105⤵
-
\??\c:\dvddj.exec:\dvddj.exe106⤵
-
\??\c:\llfrfxl.exec:\llfrfxl.exe107⤵
-
\??\c:\5tthbt.exec:\5tthbt.exe108⤵
-
\??\c:\dppdp.exec:\dppdp.exe109⤵
-
\??\c:\5pdpd.exec:\5pdpd.exe110⤵
-
\??\c:\xrxlxrf.exec:\xrxlxrf.exe111⤵
-
\??\c:\1bhbnh.exec:\1bhbnh.exe112⤵
-
\??\c:\1btthb.exec:\1btthb.exe113⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe114⤵
-
\??\c:\lxlxrrl.exec:\lxlxrrl.exe115⤵
-
\??\c:\1flxfxx.exec:\1flxfxx.exe116⤵
-
\??\c:\thnbbn.exec:\thnbbn.exe117⤵
-
\??\c:\pppdp.exec:\pppdp.exe118⤵
-
\??\c:\fxlllfl.exec:\fxlllfl.exe119⤵
-
\??\c:\rffxrfr.exec:\rffxrfr.exe120⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-