Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
04/10/2024, 15:04
General
-
Target
104b1d7e55616b109de0fcc807e40047b8b10110d1149cd64cb41c3f53f2cd37N.exe
-
Size
64KB
-
MD5
8932a19049f0559d5386b2ef63e9cdd0
-
SHA1
cd45050127d9ec1e809ecfb920612c33ce6e0286
-
SHA256
104b1d7e55616b109de0fcc807e40047b8b10110d1149cd64cb41c3f53f2cd37
-
SHA512
e6359b721b2f707da37b0ee804a77789f813978c345ad20a5517cf556f3aa596a4539dddb50eecb90959f008dd6bb4c54806530cbc3ced765101d6defdb62cb9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxiG:ymb3NkkiQ3mdBjF0y7kbh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\104b1d7e55616b109de0fcc807e40047b8b10110d1149cd64cb41c3f53f2cd37N.exe"C:\Users\Admin\AppData\Local\Temp\104b1d7e55616b109de0fcc807e40047b8b10110d1149cd64cb41c3f53f2cd37N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffrxf.exec:\rlffrxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbhnt.exec:\3tbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvdj.exec:\3dvdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnntb.exec:\hhnntb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhtbh.exec:\nbhtbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvdp.exec:\5dvdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxxxx.exec:\frxxxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbbb.exec:\ttnbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htbhn.exec:\3htbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvvp.exec:\9jvvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrfrx.exec:\rrrrfrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxfxr.exec:\xrfxfxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbnt.exec:\bthbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvd.exec:\vvvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe17⤵
- Executes dropped EXE
-
\??\c:\3fllrfl.exec:\3fllrfl.exe18⤵
- Executes dropped EXE
-
\??\c:\1rlrrxl.exec:\1rlrrxl.exe19⤵
- Executes dropped EXE
-
\??\c:\hbtnnh.exec:\hbtnnh.exe20⤵
- Executes dropped EXE
-
\??\c:\1hnbbb.exec:\1hnbbb.exe21⤵
- Executes dropped EXE
-
\??\c:\ppddv.exec:\ppddv.exe22⤵
- Executes dropped EXE
-
\??\c:\9pjjj.exec:\9pjjj.exe23⤵
- Executes dropped EXE
-
\??\c:\fxllrrf.exec:\fxllrrf.exe24⤵
- Executes dropped EXE
-
\??\c:\btthth.exec:\btthth.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhttbh.exec:\hhttbh.exe26⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe27⤵
- Executes dropped EXE
-
\??\c:\1dvjd.exec:\1dvjd.exe28⤵
- Executes dropped EXE
-
\??\c:\rflrflr.exec:\rflrflr.exe29⤵
- Executes dropped EXE
-
\??\c:\tbhnnn.exec:\tbhnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\ttnbth.exec:\ttnbth.exe31⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe33⤵
- Executes dropped EXE
-
\??\c:\xrflrfr.exec:\xrflrfr.exe34⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe35⤵
- Executes dropped EXE
-
\??\c:\9hbnnn.exec:\9hbnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\vdjpd.exec:\vdjpd.exe37⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe38⤵
- Executes dropped EXE
-
\??\c:\rfxfffr.exec:\rfxfffr.exe39⤵
- Executes dropped EXE
-
\??\c:\3llxllf.exec:\3llxllf.exe40⤵
- Executes dropped EXE
-
\??\c:\bbnnht.exec:\bbnnht.exe41⤵
- Executes dropped EXE
-
\??\c:\9nhhnt.exec:\9nhhnt.exe42⤵
- Executes dropped EXE
-
\??\c:\3jdpj.exec:\3jdpj.exe43⤵
- Executes dropped EXE
-
\??\c:\fllrffr.exec:\fllrffr.exe44⤵
- Executes dropped EXE
-
\??\c:\xlxxflr.exec:\xlxxflr.exe45⤵
- Executes dropped EXE
-
\??\c:\bbtnth.exec:\bbtnth.exe46⤵
- Executes dropped EXE
-
\??\c:\bnnhnt.exec:\bnnhnt.exe47⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\5frrxff.exec:\5frrxff.exe50⤵
- Executes dropped EXE
-
\??\c:\rfllrrx.exec:\rfllrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\9nhthh.exec:\9nhthh.exe52⤵
- Executes dropped EXE
-
\??\c:\hhbhtb.exec:\hhbhtb.exe53⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe54⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\5pdjp.exec:\5pdjp.exe56⤵
- Executes dropped EXE
-
\??\c:\lllllrf.exec:\lllllrf.exe57⤵
- Executes dropped EXE
-
\??\c:\bnbbtb.exec:\bnbbtb.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bnbhtb.exec:\bnbhtb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\7jpvd.exec:\7jpvd.exe61⤵
- Executes dropped EXE
-
\??\c:\9pjdj.exec:\9pjdj.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\9tbhnh.exec:\9tbhnh.exe64⤵
- Executes dropped EXE
-
\??\c:\hhbbnn.exec:\hhbbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\tthnnh.exec:\tthnnh.exe66⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe67⤵
-
\??\c:\1xfxxfr.exec:\1xfxxfr.exe68⤵
-
\??\c:\9rflrfl.exec:\9rflrfl.exe69⤵
-
\??\c:\frflfll.exec:\frflfll.exe70⤵
-
\??\c:\bnnhnh.exec:\bnnhnh.exe71⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe72⤵
-
\??\c:\3pjjp.exec:\3pjjp.exe73⤵
-
\??\c:\pddpd.exec:\pddpd.exe74⤵
-
\??\c:\flxfxll.exec:\flxfxll.exe75⤵
-
\??\c:\xrllrfl.exec:\xrllrfl.exe76⤵
-
\??\c:\7bttnt.exec:\7bttnt.exe77⤵
-
\??\c:\7bhntb.exec:\7bhntb.exe78⤵
-
\??\c:\1pjjp.exec:\1pjjp.exe79⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe80⤵
-
\??\c:\lfxllrx.exec:\lfxllrx.exe81⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lrlrffx.exec:\lrlrffx.exe82⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe83⤵
-
\??\c:\7bbttt.exec:\7bbttt.exe84⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe85⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe86⤵
-
\??\c:\lfrlxfr.exec:\lfrlxfr.exe87⤵
-
\??\c:\xlxxrxf.exec:\xlxxrxf.exe88⤵
-
\??\c:\bntttt.exec:\bntttt.exe89⤵
-
\??\c:\1btbhn.exec:\1btbhn.exe90⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe91⤵
-
\??\c:\pjddd.exec:\pjddd.exe92⤵
-
\??\c:\3rlrxxl.exec:\3rlrxxl.exe93⤵
-
\??\c:\7frrxxf.exec:\7frrxxf.exe94⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe95⤵
-
\??\c:\bbtttn.exec:\bbtttn.exe96⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe97⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe98⤵
-
\??\c:\vjddj.exec:\vjddj.exe99⤵
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe100⤵
-
\??\c:\lrfrrxx.exec:\lrfrrxx.exe101⤵
-
\??\c:\tnbnht.exec:\tnbnht.exe102⤵
-
\??\c:\hnbthh.exec:\hnbthh.exe103⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe104⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe105⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe106⤵
-
\??\c:\xlrflrx.exec:\xlrflrx.exe107⤵
-
\??\c:\lxxxxxr.exec:\lxxxxxr.exe108⤵
-
\??\c:\1htbhn.exec:\1htbhn.exe109⤵
-
\??\c:\7bhntb.exec:\7bhntb.exe110⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe111⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe112⤵
-
\??\c:\1fxfrxf.exec:\1fxfrxf.exe113⤵
-
\??\c:\fxlxllx.exec:\fxlxllx.exe114⤵
-
\??\c:\5flxxxx.exec:\5flxxxx.exe115⤵
-
\??\c:\nhnbbh.exec:\nhnbbh.exe116⤵
-
\??\c:\3nttbb.exec:\3nttbb.exe117⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe118⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe119⤵
-
\??\c:\fflrfxf.exec:\fflrfxf.exe120⤵
-
\??\c:\fxfffxf.exec:\fxfffxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-