Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/10/2024, 08:46
General
-
Target
a646cb4b5e2f58cbcb83b7bf29201da77f225aeddbc4d88c3aa9c912139e6c4cN.exe
-
Size
82KB
-
MD5
5c0d0687113b4863627a43034d3eeca0
-
SHA1
4ab3eaeb92de1afe658a28fc6afc5c8d0871633b
-
SHA256
a646cb4b5e2f58cbcb83b7bf29201da77f225aeddbc4d88c3aa9c912139e6c4c
-
SHA512
4332589789a80936eeb287867d96b945cbb593dfde45873b7ca345fbc49a8f0ab0c3ba59291f4327b9f6763b718a0c249000f1d1cf2ff30f78dc6b5f30a1f317
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QF:ymb3NkkiQ3mdBjFIIp9L9QrrA8K
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a646cb4b5e2f58cbcb83b7bf29201da77f225aeddbc4d88c3aa9c912139e6c4cN.exe"C:\Users\Admin\AppData\Local\Temp\a646cb4b5e2f58cbcb83b7bf29201da77f225aeddbc4d88c3aa9c912139e6c4cN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrffrl.exec:\xxrffrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbh.exec:\nnhhbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnh.exec:\btttnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppp.exec:\djppp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fllxxx.exec:\3fllxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddd.exec:\jjddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlll.exec:\xrxrlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhhh.exec:\9hnhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpv.exec:\5pvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lllfrl.exec:\9lllfrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbb.exec:\tnhbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvd.exec:\vdjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrllr.exec:\lxxrllr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnttt.exec:\tbnttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhhb.exec:\nnnhhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvv.exec:\vvvvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfxxx.exec:\lfxfxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\bnnnbt.exec:\bnnnbt.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe25⤵
- Executes dropped EXE
-
\??\c:\3hbnhb.exec:\3hbnhb.exe26⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\xxlffff.exec:\xxlffff.exe34⤵
- Executes dropped EXE
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\bhhnnt.exec:\bhhnnt.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbbbb.exec:\nhbbbb.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe38⤵
- Executes dropped EXE
-
\??\c:\3lllfff.exec:\3lllfff.exe39⤵
- Executes dropped EXE
-
\??\c:\frxxrrl.exec:\frxxrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\7vddp.exec:\7vddp.exe42⤵
- Executes dropped EXE
-
\??\c:\7lrrfff.exec:\7lrrfff.exe43⤵
- Executes dropped EXE
-
\??\c:\bnbnhb.exec:\bnbnhb.exe44⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe45⤵
- Executes dropped EXE
-
\??\c:\llllfll.exec:\llllfll.exe46⤵
- Executes dropped EXE
-
\??\c:\3xxrlfx.exec:\3xxrlfx.exe47⤵
- Executes dropped EXE
-
\??\c:\9hhbnh.exec:\9hhbnh.exe48⤵
- Executes dropped EXE
-
\??\c:\1dpvv.exec:\1dpvv.exe49⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe50⤵
- Executes dropped EXE
-
\??\c:\rfffxfx.exec:\rfffxfx.exe51⤵
- Executes dropped EXE
-
\??\c:\9xxrlll.exec:\9xxrlll.exe52⤵
- Executes dropped EXE
-
\??\c:\1lrrlrr.exec:\1lrrlrr.exe53⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe54⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe55⤵
- Executes dropped EXE
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\3nttnh.exec:\3nttnh.exe57⤵
- Executes dropped EXE
-
\??\c:\3hhbbt.exec:\3hhbbt.exe58⤵
- Executes dropped EXE
-
\??\c:\9dddj.exec:\9dddj.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe60⤵
- Executes dropped EXE
-
\??\c:\1xlrfxx.exec:\1xlrfxx.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe62⤵
- Executes dropped EXE
-
\??\c:\3btntn.exec:\3btntn.exe63⤵
- Executes dropped EXE
-
\??\c:\5ddvp.exec:\5ddvp.exe64⤵
- Executes dropped EXE
-
\??\c:\9flxlfx.exec:\9flxlfx.exe65⤵
- Executes dropped EXE
-
\??\c:\fxlxrrl.exec:\fxlxrrl.exe66⤵
-
\??\c:\9nnnbt.exec:\9nnnbt.exe67⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe68⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe69⤵
-
\??\c:\rxfxrxr.exec:\rxfxrxr.exe70⤵
-
\??\c:\7rlxrxl.exec:\7rlxrxl.exe71⤵
-
\??\c:\htttnn.exec:\htttnn.exe72⤵
-
\??\c:\ttthbb.exec:\ttthbb.exe73⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe74⤵
-
\??\c:\1rfrfrl.exec:\1rfrfrl.exe75⤵
-
\??\c:\llxfffx.exec:\llxfffx.exe76⤵
-
\??\c:\xlffxxr.exec:\xlffxxr.exe77⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe78⤵
-
\??\c:\pjppd.exec:\pjppd.exe79⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe80⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe81⤵
-
\??\c:\nbhbnh.exec:\nbhbnh.exe82⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe83⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe84⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe85⤵
-
\??\c:\5lxrfxf.exec:\5lxrfxf.exe86⤵
-
\??\c:\lffrrxx.exec:\lffrrxx.exe87⤵
-
\??\c:\1nbbhh.exec:\1nbbhh.exe88⤵
-
\??\c:\bhbnbb.exec:\bhbnbb.exe89⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe90⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe91⤵
-
\??\c:\llfrrrl.exec:\llfrrrl.exe92⤵
-
\??\c:\9rrrrrr.exec:\9rrrrrr.exe93⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvpdp.exec:\jvpdp.exe95⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe96⤵
-
\??\c:\3llxlfr.exec:\3llxlfr.exe97⤵
-
\??\c:\1nnhhh.exec:\1nnhhh.exe98⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe99⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe100⤵
-
\??\c:\5frlxxr.exec:\5frlxxr.exe101⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe102⤵
-
\??\c:\5pvjd.exec:\5pvjd.exe103⤵
-
\??\c:\dvppd.exec:\dvppd.exe104⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe105⤵
-
\??\c:\5rfxfxr.exec:\5rfxfxr.exe106⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe107⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe108⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe109⤵
-
\??\c:\xrllffr.exec:\xrllffr.exe110⤵
-
\??\c:\5flrrxx.exec:\5flrrxx.exe111⤵
-
\??\c:\7bhhbb.exec:\7bhhbb.exe112⤵
-
\??\c:\hnbbnh.exec:\hnbbnh.exe113⤵
-
\??\c:\1pvdv.exec:\1pvdv.exe114⤵
-
\??\c:\1xrfrlf.exec:\1xrfrlf.exe115⤵
-
\??\c:\fxfxrrf.exec:\fxfxrrf.exe116⤵
-
\??\c:\tnnhbn.exec:\tnnhbn.exe117⤵
-
\??\c:\htbthh.exec:\htbthh.exe118⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe119⤵
-
\??\c:\3lxrrrr.exec:\3lxrrrr.exe120⤵
-
\??\c:\fxfxrfx.exec:\fxfxrfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-