Analysis
-
max time kernel
150s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/10/2024, 20:21
General
-
Target
33f409535391e681d01b2a9808bfafd990b5d62328aa9383b8a5b673874482fe.exe
-
Size
229KB
-
MD5
b240f0f6af18f3761944e747427a0a4d
-
SHA1
c2a19c8eb6fc2b6693a39f7857df3dabb0c7bf2c
-
SHA256
33f409535391e681d01b2a9808bfafd990b5d62328aa9383b8a5b673874482fe
-
SHA512
a7d8f82f1bc519bf4cce946ce24835f2b617f48728ab95b4fc76bb13e22ad2ff738e06546cdfabd9d9586ba0560a85ec0ca5a1b9bdc174ddf6279761ad73d43c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLjBeGdE:n3C9BRo7MlrWKo+lxK4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\33f409535391e681d01b2a9808bfafd990b5d62328aa9383b8a5b673874482fe.exe"C:\Users\Admin\AppData\Local\Temp\33f409535391e681d01b2a9808bfafd990b5d62328aa9383b8a5b673874482fe.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnb.exec:\bhhbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpv.exec:\pvdpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtnh.exec:\nhhtnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpd.exec:\5vvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllrrf.exec:\5rllrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhnt.exec:\tbhhnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjp.exec:\vvpjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbnh.exec:\nthbnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpdp.exec:\9vpdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpd.exec:\pdvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbtnh.exec:\9tbtnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddj.exec:\ppddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjp.exec:\pvvjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhnn.exec:\htnhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhb.exec:\bhnnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlxrf.exec:\frxlxrf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththbt.exec:\ththbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvp.exec:\7ddvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxllfx.exec:\xxxllfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhbt.exec:\ntnhbt.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhtnh.exec:\tnhtnh.exe24⤵
- Executes dropped EXE
-
\??\c:\xrlxrfx.exec:\xrlxrfx.exe25⤵
- Executes dropped EXE
-
\??\c:\thnbtn.exec:\thnbtn.exe26⤵
- Executes dropped EXE
-
\??\c:\7nnbtn.exec:\7nnbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe28⤵
- Executes dropped EXE
-
\??\c:\1bthtn.exec:\1bthtn.exe29⤵
- Executes dropped EXE
-
\??\c:\7hnttn.exec:\7hnttn.exe30⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe31⤵
- Executes dropped EXE
-
\??\c:\rxxlxxl.exec:\rxxlxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\nbntbt.exec:\nbntbt.exe34⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe35⤵
- Executes dropped EXE
-
\??\c:\5lrffxx.exec:\5lrffxx.exe36⤵
- Executes dropped EXE
-
\??\c:\lxxxrll.exec:\lxxxrll.exe37⤵
- Executes dropped EXE
-
\??\c:\3nhtnh.exec:\3nhtnh.exe38⤵
- Executes dropped EXE
-
\??\c:\nnnbnn.exec:\nnnbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\7pjvd.exec:\7pjvd.exe40⤵
- Executes dropped EXE
-
\??\c:\pvdvd.exec:\pvdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\fxrrfrl.exec:\fxrrfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\bbnhbt.exec:\bbnhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\hbhtnh.exec:\hbhtnh.exe44⤵
- Executes dropped EXE
-
\??\c:\7ddpv.exec:\7ddpv.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrlrlf.exec:\rfrlrlf.exe46⤵
- Executes dropped EXE
-
\??\c:\xflllrx.exec:\xflllrx.exe47⤵
- Executes dropped EXE
-
\??\c:\tbbthb.exec:\tbbthb.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\3llxffr.exec:\3llxffr.exe51⤵
- Executes dropped EXE
-
\??\c:\tbbnht.exec:\tbbnht.exe52⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe54⤵
- Executes dropped EXE
-
\??\c:\lrxlffl.exec:\lrxlffl.exe55⤵
- Executes dropped EXE
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe56⤵
- Executes dropped EXE
-
\??\c:\9btnbb.exec:\9btnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe59⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe60⤵
- Executes dropped EXE
-
\??\c:\lrflrrl.exec:\lrflrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\nbtthb.exec:\nbtthb.exe62⤵
- Executes dropped EXE
-
\??\c:\tnbttn.exec:\tnbttn.exe63⤵
- Executes dropped EXE
-
\??\c:\djvjv.exec:\djvjv.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1vdpv.exec:\1vdpv.exe65⤵
- Executes dropped EXE
-
\??\c:\xxfxlfx.exec:\xxfxlfx.exe66⤵
-
\??\c:\9btnbt.exec:\9btnbt.exe67⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe68⤵
-
\??\c:\rllxlfr.exec:\rllxlfr.exe69⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe70⤵
-
\??\c:\7vvjv.exec:\7vvjv.exe71⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe72⤵
-
\??\c:\rffxxrx.exec:\rffxxrx.exe73⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe74⤵
-
\??\c:\vppdp.exec:\vppdp.exe75⤵
-
\??\c:\frlfrlx.exec:\frlfrlx.exe76⤵
-
\??\c:\rflfrll.exec:\rflfrll.exe77⤵
-
\??\c:\ntnhtn.exec:\ntnhtn.exe78⤵
-
\??\c:\ttthtn.exec:\ttthtn.exe79⤵
-
\??\c:\djjvp.exec:\djjvp.exe80⤵
-
\??\c:\lxlxlfx.exec:\lxlxlfx.exe81⤵
-
\??\c:\lxlxlfx.exec:\lxlxlfx.exe82⤵
-
\??\c:\7hbtnh.exec:\7hbtnh.exe83⤵
-
\??\c:\hnhhtt.exec:\hnhhtt.exe84⤵
-
\??\c:\1dpjj.exec:\1dpjj.exe85⤵
-
\??\c:\frrlrrr.exec:\frrlrrr.exe86⤵
-
\??\c:\xlfxrlx.exec:\xlfxrlx.exe87⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe88⤵
-
\??\c:\nnnbnh.exec:\nnnbnh.exe89⤵
-
\??\c:\djjjj.exec:\djjjj.exe90⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe91⤵
-
\??\c:\fflfxrl.exec:\fflfxrl.exe92⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe93⤵
-
\??\c:\7ttnhb.exec:\7ttnhb.exe94⤵
-
\??\c:\dppdp.exec:\dppdp.exe95⤵
-
\??\c:\9lfxrrl.exec:\9lfxrrl.exe96⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe97⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe98⤵
-
\??\c:\hthbhb.exec:\hthbhb.exe99⤵
-
\??\c:\1djdp.exec:\1djdp.exe100⤵
-
\??\c:\xfrlxrf.exec:\xfrlxrf.exe101⤵
-
\??\c:\3lfxrlf.exec:\3lfxrlf.exe102⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe103⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe104⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe105⤵
-
\??\c:\rllfffr.exec:\rllfffr.exe106⤵
-
\??\c:\xxrfxrl.exec:\xxrfxrl.exe107⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe108⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe109⤵
-
\??\c:\vddvp.exec:\vddvp.exe110⤵
-
\??\c:\flfxlfx.exec:\flfxlfx.exe111⤵
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe112⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe113⤵
-
\??\c:\bthtnh.exec:\bthtnh.exe114⤵
-
\??\c:\1djdd.exec:\1djdd.exe115⤵
-
\??\c:\7lfrffx.exec:\7lfrffx.exe116⤵
-
\??\c:\rxfrfxr.exec:\rxfrfxr.exe117⤵
-
\??\c:\ttnbbt.exec:\ttnbbt.exe118⤵
-
\??\c:\5tttnh.exec:\5tttnh.exe119⤵
-
\??\c:\xxxrrfl.exec:\xxxrrfl.exe120⤵
-
\??\c:\1llxrfx.exec:\1llxrfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-