Analysis
-
max time kernel
120s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04/10/2024, 00:12
General
-
Target
88f6e1cf2bf227ab323195840055a023a2db50a7a06d59901204f5b6c0ab5eb5N.exe
-
Size
71KB
-
MD5
b18c9270be0f66c02fc778110a8a5830
-
SHA1
c4b28c4d381b7d8c424636fb830af323fd672e5f
-
SHA256
88f6e1cf2bf227ab323195840055a023a2db50a7a06d59901204f5b6c0ab5eb5
-
SHA512
5dfdcdaea0cb7d5bb8744387416f5b5e89e80d301f0941dc7c9084830b8b91c13763fc2f13b24880f0f60c7ca47e664c9580f832c9f5017466909aec08dacea4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjV:ymb3NkkiQ3mdBjFI4VF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\88f6e1cf2bf227ab323195840055a023a2db50a7a06d59901204f5b6c0ab5eb5N.exe"C:\Users\Admin\AppData\Local\Temp\88f6e1cf2bf227ab323195840055a023a2db50a7a06d59901204f5b6c0ab5eb5N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnbn.exec:\hbbnbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdj.exec:\9pjdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpv.exec:\9vvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbthb.exec:\nbbthb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djvp.exec:\3djvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxxl.exec:\lrlfxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbb.exec:\nbhbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpp.exec:\dvvpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrrlf.exec:\llxrrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fffrlx.exec:\9fffrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbt.exec:\tbnhbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddpd.exec:\7ddpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfxfxr.exec:\7rfxfxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbt.exec:\hbhbbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbthb.exec:\1bbthb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvj.exec:\pvdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrllfr.exec:\fxrllfr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxrf.exec:\lllfxrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthb.exec:\btbthb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdd.exec:\5pjdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe23⤵
- Executes dropped EXE
-
\??\c:\rlfrllf.exec:\rlfrllf.exe24⤵
- Executes dropped EXE
-
\??\c:\nthnnb.exec:\nthnnb.exe25⤵
- Executes dropped EXE
-
\??\c:\1jpjv.exec:\1jpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe27⤵
- Executes dropped EXE
-
\??\c:\1ffxlfx.exec:\1ffxlfx.exe28⤵
- Executes dropped EXE
-
\??\c:\bhbnbt.exec:\bhbnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\ttthtn.exec:\ttthtn.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9pvjp.exec:\9pvjp.exe31⤵
- Executes dropped EXE
-
\??\c:\3ffxllx.exec:\3ffxllx.exe32⤵
- Executes dropped EXE
-
\??\c:\htnhbn.exec:\htnhbn.exe33⤵
- Executes dropped EXE
-
\??\c:\ntbtbt.exec:\ntbtbt.exe34⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe35⤵
- Executes dropped EXE
-
\??\c:\vdvpp.exec:\vdvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\5xrlxfx.exec:\5xrlxfx.exe37⤵
- Executes dropped EXE
-
\??\c:\5thtnb.exec:\5thtnb.exe38⤵
- Executes dropped EXE
-
\??\c:\5bhtbt.exec:\5bhtbt.exe39⤵
- Executes dropped EXE
-
\??\c:\1pjvj.exec:\1pjvj.exe40⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe41⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe42⤵
- Executes dropped EXE
-
\??\c:\xrxllff.exec:\xrxllff.exe43⤵
- Executes dropped EXE
-
\??\c:\7llllfx.exec:\7llllfx.exe44⤵
- Executes dropped EXE
-
\??\c:\ntntth.exec:\ntntth.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbnnh.exec:\tnbnnh.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe47⤵
- Executes dropped EXE
-
\??\c:\1flfrrf.exec:\1flfrrf.exe48⤵
- Executes dropped EXE
-
\??\c:\9xrrlxx.exec:\9xrrlxx.exe49⤵
- Executes dropped EXE
-
\??\c:\3bnhtn.exec:\3bnhtn.exe50⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe51⤵
- Executes dropped EXE
-
\??\c:\pdjvj.exec:\pdjvj.exe52⤵
- Executes dropped EXE
-
\??\c:\3lffrrf.exec:\3lffrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfxxfr.exec:\fxfxxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\5hhbbt.exec:\5hhbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhbhb.exec:\bnhbhb.exe56⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe57⤵
- Executes dropped EXE
-
\??\c:\rfxlxrf.exec:\rfxlxrf.exe58⤵
- Executes dropped EXE
-
\??\c:\lrrlfff.exec:\lrrlfff.exe59⤵
- Executes dropped EXE
-
\??\c:\bbhhnh.exec:\bbhhnh.exe60⤵
- Executes dropped EXE
-
\??\c:\3tnbhb.exec:\3tnbhb.exe61⤵
- Executes dropped EXE
-
\??\c:\thhbnh.exec:\thhbnh.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe63⤵
- Executes dropped EXE
-
\??\c:\rxxrlfr.exec:\rxxrlfr.exe64⤵
- Executes dropped EXE
-
\??\c:\1rxllff.exec:\1rxllff.exe65⤵
- Executes dropped EXE
-
\??\c:\nttnbb.exec:\nttnbb.exe66⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe67⤵
-
\??\c:\3ppdj.exec:\3ppdj.exe68⤵
-
\??\c:\xfrfxrl.exec:\xfrfxrl.exe69⤵
-
\??\c:\lflfrlf.exec:\lflfrlf.exe70⤵
-
\??\c:\nhtnhn.exec:\nhtnhn.exe71⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe72⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe74⤵
-
\??\c:\xllfrlf.exec:\xllfrlf.exe75⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe76⤵
-
\??\c:\bnhnnh.exec:\bnhnnh.exe77⤵
-
\??\c:\vddvd.exec:\vddvd.exe78⤵
-
\??\c:\jdppv.exec:\jdppv.exe79⤵
-
\??\c:\lxfxllf.exec:\lxfxllf.exe80⤵
-
\??\c:\frlfrrf.exec:\frlfrrf.exe81⤵
-
\??\c:\tnbnbt.exec:\tnbnbt.exe82⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe83⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe84⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe85⤵
-
\??\c:\tbnhbt.exec:\tbnhbt.exe86⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe87⤵
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe88⤵
-
\??\c:\9llxrll.exec:\9llxrll.exe89⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe90⤵
-
\??\c:\dvppj.exec:\dvppj.exe91⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe92⤵
-
\??\c:\1vdjv.exec:\1vdjv.exe93⤵
-
\??\c:\ffllrrr.exec:\ffllrrr.exe94⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe95⤵
-
\??\c:\7nhnnt.exec:\7nhnnt.exe96⤵
-
\??\c:\7hnnhn.exec:\7hnnhn.exe97⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe98⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe99⤵
-
\??\c:\frrllfr.exec:\frrllfr.exe100⤵
-
\??\c:\5frffll.exec:\5frffll.exe101⤵
-
\??\c:\thtthb.exec:\thtthb.exe102⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe103⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe104⤵
-
\??\c:\5fxrflf.exec:\5fxrflf.exe105⤵
-
\??\c:\xlrlrrx.exec:\xlrlrrx.exe106⤵
-
\??\c:\5thhnn.exec:\5thhnn.exe107⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe108⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe109⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe110⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe111⤵
-
\??\c:\bnhbhn.exec:\bnhbhn.exe112⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe113⤵
-
\??\c:\9jjjj.exec:\9jjjj.exe114⤵
-
\??\c:\xffxfxr.exec:\xffxfxr.exe115⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe116⤵
-
\??\c:\1nhhhb.exec:\1nhhhb.exe117⤵
-
\??\c:\thhbhb.exec:\thhbhb.exe118⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe119⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe120⤵
-
\??\c:\lfrlrxr.exec:\lfrlrxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-