Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01/10/2024, 20:14
General
-
Target
d9a23d3409c2e7ae13e57fc2c665b358b369e1e01dd9576de31177fa9f96ab9bN.exe
-
Size
66KB
-
MD5
b6f6158171137f6fb40222dad373a2d0
-
SHA1
2728ffe716817fa9713731afb6f1c688776241ac
-
SHA256
d9a23d3409c2e7ae13e57fc2c665b358b369e1e01dd9576de31177fa9f96ab9b
-
SHA512
a8e1d4d0f0756ba15ada349f65cf6231925779afb15fe9237883762fe14ad027d36b69cb77618ab24257a9231489b5c4d86d8107727a289738c7fea4966df41f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B5QO4:ymb3NkkiQ3mdBjFI9c+h
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9a23d3409c2e7ae13e57fc2c665b358b369e1e01dd9576de31177fa9f96ab9bN.exe"C:\Users\Admin\AppData\Local\Temp\d9a23d3409c2e7ae13e57fc2c665b358b369e1e01dd9576de31177fa9f96ab9bN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbh.exec:\ttbbbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjd.exec:\pvdjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllrrxf.exec:\fllrrxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttb.exec:\bttttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhtbh.exec:\hnhtbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrrff.exec:\lflrrff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnn.exec:\tthhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjj.exec:\dvvjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlrrx.exec:\7rrlrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbhht.exec:\1tbhht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjpv.exec:\djjpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffflr.exec:\xfffflr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbnnt.exec:\5nbnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppv.exec:\pjppv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lllflr.exec:\1lllflr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtth.exec:\nhhtth.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppd.exec:\vvppd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxfll.exec:\xfrxfll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbb.exec:\nnttbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvv.exec:\vvpvv.exe23⤵
- Executes dropped EXE
-
\??\c:\fxllfrr.exec:\fxllfrr.exe24⤵
- Executes dropped EXE
-
\??\c:\ntnntb.exec:\ntnntb.exe25⤵
- Executes dropped EXE
-
\??\c:\nbbbnt.exec:\nbbbnt.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe27⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe28⤵
- Executes dropped EXE
-
\??\c:\1xxffrx.exec:\1xxffrx.exe29⤵
- Executes dropped EXE
-
\??\c:\bbnnbh.exec:\bbnnbh.exe30⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\rxlllll.exec:\rxlllll.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\1djpp.exec:\1djpp.exe34⤵
- Executes dropped EXE
-
\??\c:\5rrrfll.exec:\5rrrfll.exe35⤵
- Executes dropped EXE
-
\??\c:\ttnbht.exec:\ttnbht.exe36⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe37⤵
- Executes dropped EXE
-
\??\c:\xffllrl.exec:\xffllrl.exe38⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe39⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe40⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe41⤵
- Executes dropped EXE
-
\??\c:\rlrrfff.exec:\rlrrfff.exe42⤵
- Executes dropped EXE
-
\??\c:\lrfxflx.exec:\lrfxflx.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnnnb.exec:\hbnnnb.exe44⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jvjjj.exec:\jvjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\rxrrlff.exec:\rxrrlff.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxxrrf.exec:\rlxxrrf.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bbhhhn.exec:\bbhhhn.exe49⤵
- Executes dropped EXE
-
\??\c:\jpppv.exec:\jpppv.exe50⤵
- Executes dropped EXE
-
\??\c:\5rxrfll.exec:\5rxrfll.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlrlxx.exec:\xxlrlxx.exe52⤵
- Executes dropped EXE
-
\??\c:\nnnhhn.exec:\nnnhhn.exe53⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe55⤵
- Executes dropped EXE
-
\??\c:\xxlllrr.exec:\xxlllrr.exe56⤵
- Executes dropped EXE
-
\??\c:\bbhbbb.exec:\bbhbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe58⤵
- Executes dropped EXE
-
\??\c:\lxxxxfl.exec:\lxxxxfl.exe59⤵
- Executes dropped EXE
-
\??\c:\bhnbnn.exec:\bhnbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe61⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe62⤵
- Executes dropped EXE
-
\??\c:\lfllfff.exec:\lfllfff.exe63⤵
- Executes dropped EXE
-
\??\c:\nhhnth.exec:\nhhnth.exe64⤵
- Executes dropped EXE
-
\??\c:\bhbnht.exec:\bhbnht.exe65⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe66⤵
-
\??\c:\5djpj.exec:\5djpj.exe67⤵
-
\??\c:\xflrxfl.exec:\xflrxfl.exe68⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe69⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe70⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe71⤵
-
\??\c:\lllrxfx.exec:\lllrxfx.exe72⤵
-
\??\c:\frxxxff.exec:\frxxxff.exe73⤵
-
\??\c:\bhntnt.exec:\bhntnt.exe74⤵
-
\??\c:\ppddd.exec:\ppddd.exe75⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe76⤵
-
\??\c:\xlllfxr.exec:\xlllfxr.exe77⤵
-
\??\c:\bttttb.exec:\bttttb.exe78⤵
-
\??\c:\nhnbbh.exec:\nhnbbh.exe79⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe80⤵
-
\??\c:\7flrrxr.exec:\7flrrxr.exe81⤵
-
\??\c:\lrffxxf.exec:\lrffxxf.exe82⤵
-
\??\c:\tbnhtn.exec:\tbnhtn.exe83⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe84⤵
-
\??\c:\llxxxxf.exec:\llxxxxf.exe85⤵
-
\??\c:\rrffxxx.exec:\rrffxxx.exe86⤵
-
\??\c:\3thhhn.exec:\3thhhn.exe87⤵
-
\??\c:\pppvv.exec:\pppvv.exe88⤵
-
\??\c:\djjjj.exec:\djjjj.exe89⤵
-
\??\c:\7xfxrxf.exec:\7xfxrxf.exe90⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe91⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe92⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe93⤵
-
\??\c:\djjjj.exec:\djjjj.exe94⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe95⤵
-
\??\c:\rxxlfrr.exec:\rxxlfrr.exe96⤵
-
\??\c:\bbhtnn.exec:\bbhtnn.exe97⤵
-
\??\c:\pvddd.exec:\pvddd.exe98⤵
-
\??\c:\dddjp.exec:\dddjp.exe99⤵
-
\??\c:\xflxrxx.exec:\xflxrxx.exe100⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe101⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe102⤵
-
\??\c:\fflffxr.exec:\fflffxr.exe103⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe104⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe105⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe106⤵
-
\??\c:\rxrlffr.exec:\rxrlffr.exe107⤵
-
\??\c:\bntttt.exec:\bntttt.exe108⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe109⤵
-
\??\c:\7pppp.exec:\7pppp.exe110⤵
-
\??\c:\xxlfxrr.exec:\xxlfxrr.exe111⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe112⤵
-
\??\c:\nnbhbh.exec:\nnbhbh.exe113⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe114⤵
-
\??\c:\jpppv.exec:\jpppv.exe115⤵
-
\??\c:\xxlrrxx.exec:\xxlrrxx.exe116⤵
-
\??\c:\9tbhhn.exec:\9tbhhn.exe117⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe118⤵
-
\??\c:\ppppp.exec:\ppppp.exe119⤵
-
\??\c:\frrrrrr.exec:\frrrrrr.exe120⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-