Analysis
-
max time kernel
150s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30/09/2024, 02:25
General
-
Target
c6690191a5890dcae91980931b6ca26385d88be6b25fd272454ab66acfbed6a8.exe
-
Size
70KB
-
MD5
583e8424ce92cc09d4f807e1c6dc8881
-
SHA1
7a3e72677111ee7720852771c150e27691b7fc46
-
SHA256
c6690191a5890dcae91980931b6ca26385d88be6b25fd272454ab66acfbed6a8
-
SHA512
a35586c393f0218192893b98ddad6de07e0d4b65a2cee16cee4ddbd670d2f9f85dab7936fbdbbb17898806ffb77d5a988babe32ff28aa250176de3651671e338
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj2:ymb3NkkiQ3mdBjFI4Vm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c6690191a5890dcae91980931b6ca26385d88be6b25fd272454ab66acfbed6a8.exe"C:\Users\Admin\AppData\Local\Temp\c6690191a5890dcae91980931b6ca26385d88be6b25fd272454ab66acfbed6a8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbtn.exec:\bhnbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvj.exec:\pddvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnhb.exec:\bthnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrlf.exec:\rlxxrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnht.exec:\nnnnht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvd.exec:\vdvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxlrf.exec:\rfrxlrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntnn.exec:\bnntnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbb.exec:\bnhhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxxrl.exec:\lfxxxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtttb.exec:\tbtttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppj.exec:\jpppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrfx.exec:\fxlfrfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffx.exec:\flrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhbb.exec:\nbbhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe23⤵
- Executes dropped EXE
-
\??\c:\9xxfrfl.exec:\9xxfrfl.exe24⤵
- Executes dropped EXE
-
\??\c:\thhnhn.exec:\thhnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe26⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe27⤵
- Executes dropped EXE
-
\??\c:\frfxxxx.exec:\frfxxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\1btntt.exec:\1btntt.exe29⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe30⤵
- Executes dropped EXE
-
\??\c:\7jdvj.exec:\7jdvj.exe31⤵
- Executes dropped EXE
-
\??\c:\nnnnnt.exec:\nnnnnt.exe32⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe33⤵
- Executes dropped EXE
-
\??\c:\htthbb.exec:\htthbb.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\rfrlfrr.exec:\rfrlfrr.exe36⤵
- Executes dropped EXE
-
\??\c:\tntbtt.exec:\tntbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe38⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe39⤵
- Executes dropped EXE
-
\??\c:\lrxxxff.exec:\lrxxxff.exe40⤵
- Executes dropped EXE
-
\??\c:\lrxffll.exec:\lrxffll.exe41⤵
- Executes dropped EXE
-
\??\c:\bttbtb.exec:\bttbtb.exe42⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe43⤵
- Executes dropped EXE
-
\??\c:\rxxrlxr.exec:\rxxrlxr.exe44⤵
- Executes dropped EXE
-
\??\c:\rrlfrrx.exec:\rrlfrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\bthnbt.exec:\bthnbt.exe46⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe47⤵
- Executes dropped EXE
-
\??\c:\rffxxxr.exec:\rffxxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\flrrllf.exec:\flrrllf.exe49⤵
- Executes dropped EXE
-
\??\c:\bbhhhn.exec:\bbhhhn.exe50⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe51⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe52⤵
- Executes dropped EXE
-
\??\c:\fxfffff.exec:\fxfffff.exe53⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe54⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe55⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxrfff.exec:\fxxrfff.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\tbnntt.exec:\tbnntt.exe59⤵
- Executes dropped EXE
-
\??\c:\vvvdv.exec:\vvvdv.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrrllf.exec:\rlrrllf.exe61⤵
- Executes dropped EXE
-
\??\c:\bbhbhh.exec:\bbhbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\hhtntt.exec:\hhtntt.exe63⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\lxlfrrl.exec:\lxlfrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\7bhnnt.exec:\7bhnnt.exe66⤵
-
\??\c:\1tnnnt.exec:\1tnnnt.exe67⤵
-
\??\c:\7nnttt.exec:\7nnttt.exe68⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3rlrfxl.exec:\3rlrfxl.exe70⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe71⤵
-
\??\c:\bhhttb.exec:\bhhttb.exe72⤵
-
\??\c:\vpppp.exec:\vpppp.exe73⤵
-
\??\c:\xxrlfrr.exec:\xxrlfrr.exe74⤵
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe75⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe76⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe77⤵
-
\??\c:\xrrrlrr.exec:\xrrrlrr.exe78⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe79⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe80⤵
-
\??\c:\vpppp.exec:\vpppp.exe81⤵
-
\??\c:\llfllrx.exec:\llfllrx.exe82⤵
-
\??\c:\rxrrlfr.exec:\rxrrlfr.exe83⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe84⤵
-
\??\c:\tntntt.exec:\tntntt.exe85⤵
-
\??\c:\3nnhtb.exec:\3nnhtb.exe86⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe87⤵
-
\??\c:\xxxxxxf.exec:\xxxxxxf.exe88⤵
-
\??\c:\rfrrlrr.exec:\rfrrlrr.exe89⤵
-
\??\c:\ntttbh.exec:\ntttbh.exe90⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe91⤵
-
\??\c:\vpppj.exec:\vpppj.exe92⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe93⤵
-
\??\c:\rrllffx.exec:\rrllffx.exe94⤵
-
\??\c:\nntthh.exec:\nntthh.exe95⤵
-
\??\c:\5bbbnn.exec:\5bbbnn.exe96⤵
-
\??\c:\9jppj.exec:\9jppj.exe97⤵
-
\??\c:\xrfxllf.exec:\xrfxllf.exe98⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe99⤵
-
\??\c:\vdddd.exec:\vdddd.exe100⤵
-
\??\c:\pjppj.exec:\pjppj.exe101⤵
-
\??\c:\5xfxxxr.exec:\5xfxxxr.exe102⤵
-
\??\c:\btttnt.exec:\btttnt.exe103⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe104⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe105⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe106⤵
-
\??\c:\lrfllfl.exec:\lrfllfl.exe107⤵
-
\??\c:\5rxxlxx.exec:\5rxxlxx.exe108⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe109⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe110⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe111⤵
-
\??\c:\3xxrlll.exec:\3xxrlll.exe112⤵
-
\??\c:\btttnt.exec:\btttnt.exe113⤵
-
\??\c:\hhttnt.exec:\hhttnt.exe114⤵
-
\??\c:\djvjp.exec:\djvjp.exe115⤵
-
\??\c:\fxrlllx.exec:\fxrlllx.exe116⤵
-
\??\c:\thhntt.exec:\thhntt.exe117⤵
-
\??\c:\7pppd.exec:\7pppd.exe118⤵
-
\??\c:\vppjj.exec:\vppjj.exe119⤵
-
\??\c:\xlrrxll.exec:\xlrrxll.exe120⤵
-
\??\c:\bntttn.exec:\bntttn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-