Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/10/2024, 10:07
General
-
Target
455b30a4b3b213f361b9b8a558f9dd7d6f793506d386551ed9a355d9d63bb20fN.exe
-
Size
76KB
-
MD5
919e3c76216dd15c75e50b07a4bc2050
-
SHA1
2947994fcec32371127d19d4a64218cb0c3ced12
-
SHA256
455b30a4b3b213f361b9b8a558f9dd7d6f793506d386551ed9a355d9d63bb20f
-
SHA512
1f2432c85b0faa06b01911533eb045c7c75bc53022a3fe4179766c465710b7dce0c7b5bbea33470a5eaf607024aba77e2ee504c94c213d4add2e4c1f01d3f88f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmP7y:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\455b30a4b3b213f361b9b8a558f9dd7d6f793506d386551ed9a355d9d63bb20fN.exe"C:\Users\Admin\AppData\Local\Temp\455b30a4b3b213f361b9b8a558f9dd7d6f793506d386551ed9a355d9d63bb20fN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrllf.exec:\xlrrllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhtn.exec:\thhhtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbn.exec:\hhnhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpjj.exec:\9dpjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffl.exec:\lrrlffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntbbt.exec:\5ntbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpd.exec:\vdjpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrf.exec:\fxllrrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnb.exec:\hhttnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlffx.exec:\xrrlffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhbh.exec:\hbnhbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtbb.exec:\ttbtbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtb.exec:\nhbbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnnbh.exec:\3nnnbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjp.exec:\jjpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrrrl.exec:\xfxrrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thbhh.exec:\3thbhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thhnt.exec:\3thhnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrrr.exec:\fffxrrr.exe23⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnbnn.exec:\hbnbnn.exe25⤵
- Executes dropped EXE
-
\??\c:\1vjjd.exec:\1vjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\3xffrxr.exec:\3xffrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe29⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\frrrrrr.exec:\frrrrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\htthtn.exec:\htthtn.exe33⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe34⤵
- Executes dropped EXE
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe35⤵
- Executes dropped EXE
-
\??\c:\xrrfrlf.exec:\xrrfrlf.exe36⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe37⤵
- Executes dropped EXE
-
\??\c:\ntnbnn.exec:\ntnbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe39⤵
- Executes dropped EXE
-
\??\c:\3xrlxxr.exec:\3xrlxxr.exe40⤵
- Executes dropped EXE
-
\??\c:\xrxrrrf.exec:\xrxrrrf.exe41⤵
- Executes dropped EXE
-
\??\c:\nhbthb.exec:\nhbthb.exe42⤵
- Executes dropped EXE
-
\??\c:\3bhbnh.exec:\3bhbnh.exe43⤵
- Executes dropped EXE
-
\??\c:\1llfxxr.exec:\1llfxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\rrxrxxr.exec:\rrxrxxr.exe45⤵
- Executes dropped EXE
-
\??\c:\nbthbt.exec:\nbthbt.exe46⤵
- Executes dropped EXE
-
\??\c:\vdvjd.exec:\vdvjd.exe47⤵
- Executes dropped EXE
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe48⤵
- Executes dropped EXE
-
\??\c:\hthnnh.exec:\hthnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\htnbnh.exec:\htnbnh.exe50⤵
- Executes dropped EXE
-
\??\c:\vdpdv.exec:\vdpdv.exe51⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe52⤵
- Executes dropped EXE
-
\??\c:\llxrlfx.exec:\llxrlfx.exe53⤵
- Executes dropped EXE
-
\??\c:\flrlfxr.exec:\flrlfxr.exe54⤵
- Executes dropped EXE
-
\??\c:\hbtbth.exec:\hbtbth.exe55⤵
- Executes dropped EXE
-
\??\c:\thbnhb.exec:\thbnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\1vjdp.exec:\1vjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\vdvdd.exec:\vdvdd.exe58⤵
- Executes dropped EXE
-
\??\c:\xffrlfx.exec:\xffrlfx.exe59⤵
- Executes dropped EXE
-
\??\c:\hntbhn.exec:\hntbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe61⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\llfllrr.exec:\llfllrr.exe64⤵
- Executes dropped EXE
-
\??\c:\7tttnt.exec:\7tttnt.exe65⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe66⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe67⤵
-
\??\c:\lfrffxl.exec:\lfrffxl.exe68⤵
-
\??\c:\7bhbht.exec:\7bhbht.exe69⤵
-
\??\c:\tbnnbh.exec:\tbnnbh.exe70⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe71⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe72⤵
-
\??\c:\frrrflf.exec:\frrrflf.exe73⤵
-
\??\c:\bnhhtn.exec:\bnhhtn.exe74⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe75⤵
-
\??\c:\3tthbt.exec:\3tthbt.exe76⤵
-
\??\c:\jppjd.exec:\jppjd.exe77⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe78⤵
-
\??\c:\1xxlxrf.exec:\1xxlxrf.exe79⤵
-
\??\c:\rrrffxr.exec:\rrrffxr.exe80⤵
-
\??\c:\hbtbnh.exec:\hbtbnh.exe81⤵
-
\??\c:\htnhnn.exec:\htnhnn.exe82⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe83⤵
-
\??\c:\fllfrlf.exec:\fllfrlf.exe84⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe85⤵
-
\??\c:\bnhtbt.exec:\bnhtbt.exe86⤵
-
\??\c:\hnnbnh.exec:\hnnbnh.exe87⤵
-
\??\c:\3nntnn.exec:\3nntnn.exe88⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe89⤵
-
\??\c:\fffxlfx.exec:\fffxlfx.exe90⤵
-
\??\c:\httnnh.exec:\httnnh.exe91⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe92⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe93⤵
-
\??\c:\frrfrlx.exec:\frrfrlx.exe94⤵
-
\??\c:\rffrlfr.exec:\rffrlfr.exe95⤵
-
\??\c:\bbnnnh.exec:\bbnnnh.exe96⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe97⤵
-
\??\c:\9pvvj.exec:\9pvvj.exe98⤵
-
\??\c:\rlrrrff.exec:\rlrrrff.exe99⤵
-
\??\c:\xrffxxf.exec:\xrffxxf.exe100⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe101⤵
-
\??\c:\bbthtn.exec:\bbthtn.exe102⤵
-
\??\c:\djdvp.exec:\djdvp.exe103⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe104⤵
-
\??\c:\flxfxlr.exec:\flxfxlr.exe105⤵
-
\??\c:\rxfxlfx.exec:\rxfxlfx.exe106⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe107⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe108⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe109⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9rxlxrl.exec:\9rxlxrl.exe110⤵
-
\??\c:\lfrlxrl.exec:\lfrlxrl.exe111⤵
-
\??\c:\1hnbtn.exec:\1hnbtn.exe112⤵
-
\??\c:\tbtthb.exec:\tbtthb.exe113⤵
-
\??\c:\vppjv.exec:\vppjv.exe114⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe115⤵
-
\??\c:\rllrfxr.exec:\rllrfxr.exe116⤵
-
\??\c:\7nhbnh.exec:\7nhbnh.exe117⤵
-
\??\c:\3tnbht.exec:\3tnbht.exe118⤵
-
\??\c:\1pppj.exec:\1pppj.exe119⤵
-
\??\c:\rlrllfx.exec:\rlrllfx.exe120⤵
-
\??\c:\xrrffxr.exec:\xrrffxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-