Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 23:07
General
-
Target
0c5623d6fef32b58e3468fd4f5320e81f3b5d74394e26dedb2cd0e791b8238a4N.exe
-
Size
66KB
-
MD5
ce4826005bb4045528189c95d5e48320
-
SHA1
9560083ae24c56640a828487dd336c1b51a59f3e
-
SHA256
0c5623d6fef32b58e3468fd4f5320e81f3b5d74394e26dedb2cd0e791b8238a4
-
SHA512
4f5ee932bcbbcc3f91f254f886b9b03d8b221c56324fe56c057c25542ade64b1fbc74786a48c42211074175006a1dc72108ff614a606c2fed7e1e1910e351c59
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bqfo4n:ymb3NkkiQ3mdBjFI9cqfVn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c5623d6fef32b58e3468fd4f5320e81f3b5d74394e26dedb2cd0e791b8238a4N.exe"C:\Users\Admin\AppData\Local\Temp\0c5623d6fef32b58e3468fd4f5320e81f3b5d74394e26dedb2cd0e791b8238a4N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\npplfrt.exec:\npplfrt.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fhprf.exec:\fhprf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbjvp.exec:\bbjvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjllftr.exec:\vjllftr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phxdb.exec:\phxdb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xldxpxd.exec:\xldxpxd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxjfv.exec:\pxjfv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfbnd.exec:\jfbnd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnbjnjb.exec:\jnbjnjb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxpjlpb.exec:\jxpjlpb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlhvpl.exec:\hlhvpl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfttp.exec:\nfttp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbdlnl.exec:\lbdlnl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrt.exec:\rffrt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhpvh.exec:\dhpvh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pptph.exec:\pptph.exe17⤵
- Executes dropped EXE
-
\??\c:\hvpnxhb.exec:\hvpnxhb.exe18⤵
- Executes dropped EXE
-
\??\c:\nbbpjpn.exec:\nbbpjpn.exe19⤵
- Executes dropped EXE
-
\??\c:\nfrxdld.exec:\nfrxdld.exe20⤵
- Executes dropped EXE
-
\??\c:\frtxf.exec:\frtxf.exe21⤵
- Executes dropped EXE
-
\??\c:\rnrvd.exec:\rnrvd.exe22⤵
- Executes dropped EXE
-
\??\c:\nrxnx.exec:\nrxnx.exe23⤵
- Executes dropped EXE
-
\??\c:\pxhpld.exec:\pxhpld.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nfhdpt.exec:\nfhdpt.exe25⤵
- Executes dropped EXE
-
\??\c:\hhvjt.exec:\hhvjt.exe26⤵
- Executes dropped EXE
-
\??\c:\rrbjf.exec:\rrbjf.exe27⤵
- Executes dropped EXE
-
\??\c:\dxrlvd.exec:\dxrlvd.exe28⤵
- Executes dropped EXE
-
\??\c:\ttvdn.exec:\ttvdn.exe29⤵
- Executes dropped EXE
-
\??\c:\nxvxf.exec:\nxvxf.exe30⤵
- Executes dropped EXE
-
\??\c:\nfxntj.exec:\nfxntj.exe31⤵
- Executes dropped EXE
-
\??\c:\rlrvp.exec:\rlrvp.exe32⤵
- Executes dropped EXE
-
\??\c:\bhdtx.exec:\bhdtx.exe33⤵
- Executes dropped EXE
-
\??\c:\pxxdh.exec:\pxxdh.exe34⤵
- Executes dropped EXE
-
\??\c:\bfxvtxn.exec:\bfxvtxn.exe35⤵
- Executes dropped EXE
-
\??\c:\vlvflbf.exec:\vlvflbf.exe36⤵
- Executes dropped EXE
-
\??\c:\htrtf.exec:\htrtf.exe37⤵
- Executes dropped EXE
-
\??\c:\ppjxr.exec:\ppjxr.exe38⤵
- Executes dropped EXE
-
\??\c:\nprhv.exec:\nprhv.exe39⤵
- Executes dropped EXE
-
\??\c:\pnxhp.exec:\pnxhp.exe40⤵
- Executes dropped EXE
-
\??\c:\ntpbrj.exec:\ntpbrj.exe41⤵
- Executes dropped EXE
-
\??\c:\lftbv.exec:\lftbv.exe42⤵
- Executes dropped EXE
-
\??\c:\njldftl.exec:\njldftl.exe43⤵
- Executes dropped EXE
-
\??\c:\vvxrnf.exec:\vvxrnf.exe44⤵
- Executes dropped EXE
-
\??\c:\nrftjrj.exec:\nrftjrj.exe45⤵
- Executes dropped EXE
-
\??\c:\hjffjdx.exec:\hjffjdx.exe46⤵
- Executes dropped EXE
-
\??\c:\nhxrlr.exec:\nhxrlr.exe47⤵
- Executes dropped EXE
-
\??\c:\rnrjhdb.exec:\rnrjhdb.exe48⤵
- Executes dropped EXE
-
\??\c:\xflvx.exec:\xflvx.exe49⤵
- Executes dropped EXE
-
\??\c:\rlnvfh.exec:\rlnvfh.exe50⤵
- Executes dropped EXE
-
\??\c:\tptvjtd.exec:\tptvjtd.exe51⤵
- Executes dropped EXE
-
\??\c:\dnplv.exec:\dnplv.exe52⤵
- Executes dropped EXE
-
\??\c:\rhxflh.exec:\rhxflh.exe53⤵
- Executes dropped EXE
-
\??\c:\btnldb.exec:\btnldb.exe54⤵
- Executes dropped EXE
-
\??\c:\vhfbpnt.exec:\vhfbpnt.exe55⤵
- Executes dropped EXE
-
\??\c:\tpjrtb.exec:\tpjrtb.exe56⤵
- Executes dropped EXE
-
\??\c:\nnphtt.exec:\nnphtt.exe57⤵
- Executes dropped EXE
-
\??\c:\blxvdb.exec:\blxvdb.exe58⤵
- Executes dropped EXE
-
\??\c:\vddtfbd.exec:\vddtfbd.exe59⤵
- Executes dropped EXE
-
\??\c:\bxdxdtv.exec:\bxdxdtv.exe60⤵
- Executes dropped EXE
-
\??\c:\fdrnv.exec:\fdrnv.exe61⤵
- Executes dropped EXE
-
\??\c:\rpvpx.exec:\rpvpx.exe62⤵
- Executes dropped EXE
-
\??\c:\rjxnrv.exec:\rjxnrv.exe63⤵
- Executes dropped EXE
-
\??\c:\bbffr.exec:\bbffr.exe64⤵
- Executes dropped EXE
-
\??\c:\bxrvh.exec:\bxrvh.exe65⤵
- Executes dropped EXE
-
\??\c:\xfpblf.exec:\xfpblf.exe66⤵
-
\??\c:\lhrbvt.exec:\lhrbvt.exe67⤵
-
\??\c:\rbfnxd.exec:\rbfnxd.exe68⤵
-
\??\c:\jxfflx.exec:\jxfflx.exe69⤵
-
\??\c:\ntxbrf.exec:\ntxbrf.exe70⤵
-
\??\c:\xrbpp.exec:\xrbpp.exe71⤵
-
\??\c:\npdxrr.exec:\npdxrr.exe72⤵
-
\??\c:\nhhxrv.exec:\nhhxrv.exe73⤵
-
\??\c:\rjjthnp.exec:\rjjthnp.exe74⤵
-
\??\c:\ppxvx.exec:\ppxvx.exe75⤵
-
\??\c:\xlxvv.exec:\xlxvv.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppdnt.exec:\ppdnt.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frlrxp.exec:\frlrxp.exe78⤵
-
\??\c:\ppljxbj.exec:\ppljxbj.exe79⤵
-
\??\c:\pjflp.exec:\pjflp.exe80⤵
-
\??\c:\rjdbxbv.exec:\rjdbxbv.exe81⤵
-
\??\c:\rjvlrpp.exec:\rjvlrpp.exe82⤵
-
\??\c:\pbtfj.exec:\pbtfj.exe83⤵
-
\??\c:\xdpln.exec:\xdpln.exe84⤵
-
\??\c:\nxfdfdv.exec:\nxfdfdv.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\prlxl.exec:\prlxl.exe86⤵
-
\??\c:\vplbjv.exec:\vplbjv.exe87⤵
-
\??\c:\hfpftx.exec:\hfpftx.exe88⤵
-
\??\c:\fhlpj.exec:\fhlpj.exe89⤵
-
\??\c:\ftnpbnp.exec:\ftnpbnp.exe90⤵
-
\??\c:\jpplt.exec:\jpplt.exe91⤵
-
\??\c:\dxxnbd.exec:\dxxnbd.exe92⤵
-
\??\c:\lxvnl.exec:\lxvnl.exe93⤵
-
\??\c:\jdrfrft.exec:\jdrfrft.exe94⤵
-
\??\c:\nhxfb.exec:\nhxfb.exe95⤵
-
\??\c:\bptdll.exec:\bptdll.exe96⤵
-
\??\c:\hdhtv.exec:\hdhtv.exe97⤵
-
\??\c:\xrpbhtv.exec:\xrpbhtv.exe98⤵
-
\??\c:\xxpdht.exec:\xxpdht.exe99⤵
-
\??\c:\plhrvdv.exec:\plhrvdv.exe100⤵
-
\??\c:\tnffj.exec:\tnffj.exe101⤵
-
\??\c:\vxhnlt.exec:\vxhnlt.exe102⤵
-
\??\c:\tfxxt.exec:\tfxxt.exe103⤵
-
\??\c:\fnlhjj.exec:\fnlhjj.exe104⤵
-
\??\c:\tddhn.exec:\tddhn.exe105⤵
-
\??\c:\hpnjdxh.exec:\hpnjdxh.exe106⤵
-
\??\c:\hplfhb.exec:\hplfhb.exe107⤵
-
\??\c:\vdrftvb.exec:\vdrftvb.exe108⤵
-
\??\c:\rjbblt.exec:\rjbblt.exe109⤵
-
\??\c:\pvjfjh.exec:\pvjfjh.exe110⤵
-
\??\c:\jjrxfnr.exec:\jjrxfnr.exe111⤵
-
\??\c:\nvxvdp.exec:\nvxvdp.exe112⤵
-
\??\c:\rjxjdbf.exec:\rjxjdbf.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fbrjlx.exec:\fbrjlx.exe114⤵
-
\??\c:\pfbxlxt.exec:\pfbxlxt.exe115⤵
-
\??\c:\vtvxtl.exec:\vtvxtl.exe116⤵
-
\??\c:\rblfhvj.exec:\rblfhvj.exe117⤵
-
\??\c:\nxrhntf.exec:\nxrhntf.exe118⤵
-
\??\c:\fbldjpx.exec:\fbldjpx.exe119⤵
-
\??\c:\tttbpb.exec:\tttbpb.exe120⤵
-
\??\c:\dlhhh.exec:\dlhhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-