Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
05/10/2024, 20:21
General
-
Target
33f409535391e681d01b2a9808bfafd990b5d62328aa9383b8a5b673874482fe.exe
-
Size
229KB
-
MD5
b240f0f6af18f3761944e747427a0a4d
-
SHA1
c2a19c8eb6fc2b6693a39f7857df3dabb0c7bf2c
-
SHA256
33f409535391e681d01b2a9808bfafd990b5d62328aa9383b8a5b673874482fe
-
SHA512
a7d8f82f1bc519bf4cce946ce24835f2b617f48728ab95b4fc76bb13e22ad2ff738e06546cdfabd9d9586ba0560a85ec0ca5a1b9bdc174ddf6279761ad73d43c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLjBeGdE:n3C9BRo7MlrWKo+lxK4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\33f409535391e681d01b2a9808bfafd990b5d62328aa9383b8a5b673874482fe.exe"C:\Users\Admin\AppData\Local\Temp\33f409535391e681d01b2a9808bfafd990b5d62328aa9383b8a5b673874482fe.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9bttbb.exec:\9bttbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hntbb.exec:\3hntbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxfxf.exec:\lxrxfxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbhb.exec:\thbbhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvd.exec:\jvpvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxllf.exec:\rlrxllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbb.exec:\bbntbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnntn.exec:\ntnntn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxfxl.exec:\5lxxfxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhnt.exec:\bnhhnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvp.exec:\pjvvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxrxf.exec:\lrxxrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrlf.exec:\rllfrlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbthh.exec:\htbthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe17⤵
- Executes dropped EXE
-
\??\c:\fxllxxr.exec:\fxllxxr.exe18⤵
- Executes dropped EXE
-
\??\c:\rfllrrx.exec:\rfllrrx.exe19⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe20⤵
- Executes dropped EXE
-
\??\c:\9dppv.exec:\9dppv.exe21⤵
- Executes dropped EXE
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe23⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe24⤵
- Executes dropped EXE
-
\??\c:\ffffrfx.exec:\ffffrfx.exe25⤵
- Executes dropped EXE
-
\??\c:\bhtbtt.exec:\bhtbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe28⤵
- Executes dropped EXE
-
\??\c:\9xlllll.exec:\9xlllll.exe29⤵
- Executes dropped EXE
-
\??\c:\hhbhbb.exec:\hhbhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\ntnhnn.exec:\ntnhnn.exe31⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe32⤵
- Executes dropped EXE
-
\??\c:\xrrrffl.exec:\xrrrffl.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbhhh.exec:\hhbhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\fxfflfl.exec:\fxfflfl.exe38⤵
- Executes dropped EXE
-
\??\c:\3xlrxfr.exec:\3xlrxfr.exe39⤵
- Executes dropped EXE
-
\??\c:\1ttbnt.exec:\1ttbnt.exe40⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe41⤵
- Executes dropped EXE
-
\??\c:\5dvdd.exec:\5dvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrfrrx.exec:\rlrfrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\xlxxffr.exec:\xlxxffr.exe45⤵
- Executes dropped EXE
-
\??\c:\bbnbht.exec:\bbnbht.exe46⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe47⤵
- Executes dropped EXE
-
\??\c:\7vjjp.exec:\7vjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe49⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe50⤵
- Executes dropped EXE
-
\??\c:\nbhntn.exec:\nbhntn.exe51⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe52⤵
- Executes dropped EXE
-
\??\c:\1jvpv.exec:\1jvpv.exe53⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe54⤵
- Executes dropped EXE
-
\??\c:\rfxrffl.exec:\rfxrffl.exe55⤵
- Executes dropped EXE
-
\??\c:\hbtbnb.exec:\hbtbnb.exe56⤵
- Executes dropped EXE
-
\??\c:\7nnntt.exec:\7nnntt.exe57⤵
- Executes dropped EXE
-
\??\c:\7pvpv.exec:\7pvpv.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dvdvv.exec:\dvdvv.exe59⤵
- Executes dropped EXE
-
\??\c:\frxxffr.exec:\frxxffr.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\frxfffl.exec:\frxfffl.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe62⤵
- Executes dropped EXE
-
\??\c:\nbnhnt.exec:\nbnhnt.exe63⤵
- Executes dropped EXE
-
\??\c:\1pddv.exec:\1pddv.exe64⤵
- Executes dropped EXE
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\3xxflrx.exec:\3xxflrx.exe66⤵
-
\??\c:\xlrrrlr.exec:\xlrrrlr.exe67⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe68⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe69⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe70⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe71⤵
-
\??\c:\rxfxllr.exec:\rxfxllr.exe72⤵
-
\??\c:\3bhhnt.exec:\3bhhnt.exe73⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe74⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe75⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe76⤵
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe77⤵
-
\??\c:\xxflrxl.exec:\xxflrxl.exe78⤵
-
\??\c:\1btbbh.exec:\1btbbh.exe79⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe80⤵
-
\??\c:\vvddp.exec:\vvddp.exe81⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe82⤵
-
\??\c:\xrxrxrr.exec:\xrxrxrr.exe83⤵
-
\??\c:\7ffrxfr.exec:\7ffrxfr.exe84⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe85⤵
-
\??\c:\thnttt.exec:\thnttt.exe86⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe87⤵
-
\??\c:\9pjpv.exec:\9pjpv.exe88⤵
-
\??\c:\fxffllx.exec:\fxffllx.exe89⤵
-
\??\c:\lfflrrf.exec:\lfflrrf.exe90⤵
-
\??\c:\thbtnt.exec:\thbtnt.exe91⤵
-
\??\c:\9tbbbh.exec:\9tbbbh.exe92⤵
-
\??\c:\7jddd.exec:\7jddd.exe93⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe94⤵
-
\??\c:\fxllrrf.exec:\fxllrrf.exe95⤵
-
\??\c:\7tnthh.exec:\7tnthh.exe96⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe97⤵
-
\??\c:\bbhntb.exec:\bbhntb.exe98⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe99⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe100⤵
-
\??\c:\rfllfxf.exec:\rfllfxf.exe101⤵
-
\??\c:\1hnbhh.exec:\1hnbhh.exe102⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe103⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe104⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5vjvd.exec:\5vjvd.exe105⤵
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe106⤵
-
\??\c:\frffllr.exec:\frffllr.exe107⤵
-
\??\c:\xrflrlx.exec:\xrflrlx.exe108⤵
-
\??\c:\thttbh.exec:\thttbh.exe109⤵
-
\??\c:\7htbhn.exec:\7htbhn.exe110⤵
-
\??\c:\pdppv.exec:\pdppv.exe111⤵
-
\??\c:\9rrrrll.exec:\9rrrrll.exe112⤵
-
\??\c:\lfrrfxf.exec:\lfrrfxf.exe113⤵
-
\??\c:\bnbhtb.exec:\bnbhtb.exe114⤵
-
\??\c:\1hhhnn.exec:\1hhhnn.exe115⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7pdjd.exec:\7pdjd.exe117⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe118⤵
-
\??\c:\9xlrxxl.exec:\9xlrxxl.exe119⤵
-
\??\c:\nnhnnh.exec:\nnhnnh.exe120⤵
-
\??\c:\tntthb.exec:\tntthb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-