Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01-10-2024 00:37
General
-
Target
fb74807dba0e18f5a469ff30266096767623dd5cbced9196ad54814175682ef0N.exe
-
Size
63KB
-
MD5
10e1f626dd3e7530f75c5816a8890950
-
SHA1
029bbb574f7451444a374c3c6e02465a1cb67e94
-
SHA256
fb74807dba0e18f5a469ff30266096767623dd5cbced9196ad54814175682ef0
-
SHA512
89c317b59e31810986a70ff7ea89fc29a7d220f5cf8dbaae5c733a13f52e6123f64bc38e35a4af52fc5ebf068cb689ff3ee105ba01cdb0b9ea0cc39925cc8055
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxi03:ymb3NkkiQ3mdBjF0y7kbD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fb74807dba0e18f5a469ff30266096767623dd5cbced9196ad54814175682ef0N.exe"C:\Users\Admin\AppData\Local\Temp\fb74807dba0e18f5a469ff30266096767623dd5cbced9196ad54814175682ef0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxxrr.exec:\fflxxrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdv.exec:\9dvdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxff.exec:\lfrlxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdv.exec:\vjpdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflll.exec:\fxlflll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbtt.exec:\hbtbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbb.exec:\thnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfrrl.exec:\fflfrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllfxr.exec:\xlllfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttttn.exec:\nttttn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrlxrx.exec:\9lrlxrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffff.exec:\rllffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbtt.exec:\nnbbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbb.exec:\btnhbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fflfll.exec:\7fflfll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffxff.exec:\frffxff.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbtbh.exec:\tnbtbh.exe24⤵
- Executes dropped EXE
-
\??\c:\bhnnbb.exec:\bhnnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\5vjjp.exec:\5vjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrrlll.exec:\lfrrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\thtnhb.exec:\thtnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\7btnhh.exec:\7btnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\hthbhh.exec:\hthbhh.exe31⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe32⤵
- Executes dropped EXE
-
\??\c:\bbbthn.exec:\bbbthn.exe33⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\xflfrrr.exec:\xflfrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\5xllxxf.exec:\5xllxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\nbhnhh.exec:\nbhnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\5jppj.exec:\5jppj.exe38⤵
- Executes dropped EXE
-
\??\c:\9jjvp.exec:\9jjvp.exe39⤵
- Executes dropped EXE
-
\??\c:\7fxrxxr.exec:\7fxrxxr.exe40⤵
- Executes dropped EXE
-
\??\c:\ffllffx.exec:\ffllffx.exe41⤵
- Executes dropped EXE
-
\??\c:\bnbbtt.exec:\bnbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe43⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe44⤵
- Executes dropped EXE
-
\??\c:\9rxxffl.exec:\9rxxffl.exe45⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\9nnnnh.exec:\9nnnnh.exe47⤵
- Executes dropped EXE
-
\??\c:\tnthhh.exec:\tnthhh.exe48⤵
- Executes dropped EXE
-
\??\c:\7vvpv.exec:\7vvpv.exe49⤵
- Executes dropped EXE
-
\??\c:\rllfxff.exec:\rllfxff.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\bbtnhn.exec:\bbtnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\fflxxxr.exec:\fflxxxr.exe56⤵
- Executes dropped EXE
-
\??\c:\flxrllr.exec:\flxrllr.exe57⤵
- Executes dropped EXE
-
\??\c:\btbbth.exec:\btbbth.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnnhn.exec:\nhnnhn.exe59⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe61⤵
- Executes dropped EXE
-
\??\c:\9xxrffr.exec:\9xxrffr.exe62⤵
- Executes dropped EXE
-
\??\c:\1nthhb.exec:\1nthhb.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhnht.exec:\hbhnht.exe64⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe66⤵
-
\??\c:\xrrlffl.exec:\xrrlffl.exe67⤵
-
\??\c:\5ffllll.exec:\5ffllll.exe68⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe69⤵
-
\??\c:\bbhbht.exec:\bbhbht.exe70⤵
-
\??\c:\7vddv.exec:\7vddv.exe71⤵
-
\??\c:\xflxrrl.exec:\xflxrrl.exe72⤵
-
\??\c:\rfxxxxr.exec:\rfxxxxr.exe73⤵
-
\??\c:\5httnn.exec:\5httnn.exe74⤵
-
\??\c:\7jjjp.exec:\7jjjp.exe75⤵
-
\??\c:\7jvpj.exec:\7jvpj.exe76⤵
-
\??\c:\fxlfxll.exec:\fxlfxll.exe77⤵
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe78⤵
-
\??\c:\btnhnb.exec:\btnhnb.exe79⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe80⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe81⤵
-
\??\c:\ffrlxxx.exec:\ffrlxxx.exe82⤵
-
\??\c:\3rrllll.exec:\3rrllll.exe83⤵
-
\??\c:\bhhnnn.exec:\bhhnnn.exe84⤵
-
\??\c:\hbbnbn.exec:\hbbnbn.exe85⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe86⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe87⤵
-
\??\c:\frrlxxr.exec:\frrlxxr.exe88⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe89⤵
-
\??\c:\3hnbtb.exec:\3hnbtb.exe90⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe91⤵
-
\??\c:\vppjp.exec:\vppjp.exe92⤵
-
\??\c:\ffrlrrr.exec:\ffrlrrr.exe93⤵
-
\??\c:\3rxxxxr.exec:\3rxxxxr.exe94⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe95⤵
-
\??\c:\jpddv.exec:\jpddv.exe96⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe97⤵
-
\??\c:\fllrrll.exec:\fllrrll.exe98⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe99⤵
-
\??\c:\xfllflf.exec:\xfllflf.exe100⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe101⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe102⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe103⤵
-
\??\c:\frfxlff.exec:\frfxlff.exe104⤵
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe105⤵
-
\??\c:\thtttb.exec:\thtttb.exe106⤵
-
\??\c:\pvddd.exec:\pvddd.exe107⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe108⤵
-
\??\c:\1llxrll.exec:\1llxrll.exe109⤵
-
\??\c:\httnnn.exec:\httnnn.exe110⤵
-
\??\c:\3btthh.exec:\3btthh.exe111⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe112⤵
-
\??\c:\xfrrlff.exec:\xfrrlff.exe113⤵
-
\??\c:\xfrlfxr.exec:\xfrlfxr.exe114⤵
-
\??\c:\bbhbnh.exec:\bbhbnh.exe115⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe116⤵
-
\??\c:\vpppd.exec:\vpppd.exe117⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe118⤵
-
\??\c:\lxxfrlx.exec:\lxxfrlx.exe119⤵
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe120⤵
-
\??\c:\7hnnhh.exec:\7hnnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-