Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04/10/2024, 01:07
General
-
Target
be8c9a7f869aa36e2e182c6d95ab7e08cbfe93f4904ea0a3dea7db036ccae3c5N.exe
-
Size
106KB
-
MD5
2242ae4a33111e3f17801b2528169300
-
SHA1
3a16c47aeac70b4170ef5fc6e08e140bd3786bc7
-
SHA256
be8c9a7f869aa36e2e182c6d95ab7e08cbfe93f4904ea0a3dea7db036ccae3c5
-
SHA512
4608184fd314f226d52eb84d6eac49cf8cf943e29ef9dd698b95cb488d90b67a139021f565438c0945624d002c843a04cf9da0883dbe0bec9c23220fcbffbcd8
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+buwUGu3P3CAZ:n3C9BRo7MlrWKVT+buBGu3Pl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\be8c9a7f869aa36e2e182c6d95ab7e08cbfe93f4904ea0a3dea7db036ccae3c5N.exe"C:\Users\Admin\AppData\Local\Temp\be8c9a7f869aa36e2e182c6d95ab7e08cbfe93f4904ea0a3dea7db036ccae3c5N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddv.exec:\vdddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtbh.exec:\bbbtbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtt.exec:\htnhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdp.exec:\vdjdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrrl.exec:\rllxrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnn.exec:\bttnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhbnn.exec:\3nhbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvd.exec:\pvdvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxllf.exec:\rflxllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbttt.exec:\nbbttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjp.exec:\pppjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfllrl.exec:\xxfllrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxllf.exec:\fxfxllf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvv.exec:\pjjvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrlf.exec:\rllxrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhbtt.exec:\3nhbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvp.exec:\pvjvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe23⤵
- Executes dropped EXE
-
\??\c:\fxfrlxr.exec:\fxfrlxr.exe24⤵
- Executes dropped EXE
-
\??\c:\7hbbbb.exec:\7hbbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\nbnnbb.exec:\nbnnbb.exe26⤵
- Executes dropped EXE
-
\??\c:\9pdpj.exec:\9pdpj.exe27⤵
- Executes dropped EXE
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe28⤵
- Executes dropped EXE
-
\??\c:\tnntnn.exec:\tnntnn.exe29⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe30⤵
- Executes dropped EXE
-
\??\c:\rrffrrr.exec:\rrffrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\xfrrlfx.exec:\xfrrlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe33⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\9djdj.exec:\9djdj.exe35⤵
- Executes dropped EXE
-
\??\c:\rfrrfrl.exec:\rfrrfrl.exe36⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe37⤵
- Executes dropped EXE
-
\??\c:\lllllll.exec:\lllllll.exe38⤵
- Executes dropped EXE
-
\??\c:\hhnbbh.exec:\hhnbbh.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dvvpp.exec:\dvvpp.exe40⤵
- Executes dropped EXE
-
\??\c:\xllfrrx.exec:\xllfrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrlfff.exec:\xxrlfff.exe42⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe43⤵
- Executes dropped EXE
-
\??\c:\3hnhhb.exec:\3hnhhb.exe44⤵
- Executes dropped EXE
-
\??\c:\7pppd.exec:\7pppd.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe46⤵
- Executes dropped EXE
-
\??\c:\3frlrrl.exec:\3frlrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\5bbnhh.exec:\5bbnhh.exe48⤵
- Executes dropped EXE
-
\??\c:\1ntnbb.exec:\1ntnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\rfffrrl.exec:\rfffrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\frrrrlr.exec:\frrrrlr.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhhhn.exec:\tnhhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe55⤵
- Executes dropped EXE
-
\??\c:\9djdp.exec:\9djdp.exe56⤵
- Executes dropped EXE
-
\??\c:\rffxlll.exec:\rffxlll.exe57⤵
- Executes dropped EXE
-
\??\c:\flllffx.exec:\flllffx.exe58⤵
- Executes dropped EXE
-
\??\c:\bbhbhh.exec:\bbhbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\3xfxrrl.exec:\3xfxrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\btnhth.exec:\btnhth.exe65⤵
- Executes dropped EXE
-
\??\c:\9bhhnn.exec:\9bhhnn.exe66⤵
-
\??\c:\jppjd.exec:\jppjd.exe67⤵
-
\??\c:\lflrrrx.exec:\lflrrrx.exe68⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe69⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe70⤵
-
\??\c:\ntbhtt.exec:\ntbhtt.exe71⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe72⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe73⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe74⤵
-
\??\c:\rrllllf.exec:\rrllllf.exe75⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe76⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe77⤵
-
\??\c:\7jddp.exec:\7jddp.exe78⤵
-
\??\c:\xlfllxf.exec:\xlfllxf.exe79⤵
-
\??\c:\lffxrfx.exec:\lffxrfx.exe80⤵
-
\??\c:\ttbbht.exec:\ttbbht.exe81⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe82⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe83⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe84⤵
-
\??\c:\jdppv.exec:\jdppv.exe85⤵
-
\??\c:\9rxrllf.exec:\9rxrllf.exe86⤵
-
\??\c:\xrffffx.exec:\xrffffx.exe87⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe88⤵
-
\??\c:\btbbth.exec:\btbbth.exe89⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe90⤵
-
\??\c:\rfrffrx.exec:\rfrffrx.exe91⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe92⤵
-
\??\c:\hnbthn.exec:\hnbthn.exe93⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe94⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe95⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe96⤵
-
\??\c:\lrrfxrr.exec:\lrrfxrr.exe97⤵
-
\??\c:\xlrlrrr.exec:\xlrlrrr.exe98⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe99⤵
-
\??\c:\httnbb.exec:\httnbb.exe100⤵
-
\??\c:\jdddd.exec:\jdddd.exe101⤵
-
\??\c:\vppvj.exec:\vppvj.exe102⤵
-
\??\c:\frrlxxx.exec:\frrlxxx.exe103⤵
-
\??\c:\ffffxfx.exec:\ffffxfx.exe104⤵
-
\??\c:\ttbbbn.exec:\ttbbbn.exe105⤵
-
\??\c:\9tttnn.exec:\9tttnn.exe106⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe107⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe108⤵
-
\??\c:\xfrfxrl.exec:\xfrfxrl.exe109⤵
-
\??\c:\xlrfrfl.exec:\xlrfrfl.exe110⤵
-
\??\c:\ttthhb.exec:\ttthhb.exe111⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe112⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe113⤵
-
\??\c:\xfllxxr.exec:\xfllxxr.exe114⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe115⤵
-
\??\c:\hntnbb.exec:\hntnbb.exe116⤵
-
\??\c:\pjppj.exec:\pjppj.exe117⤵
-
\??\c:\pppdv.exec:\pppdv.exe118⤵
-
\??\c:\xfrrxxr.exec:\xfrrxxr.exe119⤵
-
\??\c:\fxxxffl.exec:\fxxxffl.exe120⤵
-
\??\c:\5nbtnn.exec:\5nbtnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-