Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09-10-2024 23:01
General
-
Target
899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe
-
Size
82KB
-
MD5
f4f8241fc9d81bfd489ebead911bd6bb
-
SHA1
33500321b4f7a3fa6d059f6df286434dac12320f
-
SHA256
899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106
-
SHA512
dc09e95e0a13011ad9255c39f5ea1ee6abf6a10072b520990f77b2bd108c89e04fc62e35f489acb72469d4ef568e03314fafea261223629d08b6c17ec33757a5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Q1:ymb3NkkiQ3mdBjFIIp9L9QrrA82
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe"C:\Users\Admin\AppData\Local\Temp\899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpp.exec:\vdvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0600222.exec:\0600222.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20664.exec:\20664.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfffff.exec:\rlfffff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w68604.exec:\w68604.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4022660.exec:\4022660.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpj.exec:\jjjpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g8442.exec:\g8442.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjj.exec:\jvpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c244882.exec:\c244882.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllllf.exec:\xxllllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbthh.exec:\thbthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdjp.exec:\5vdjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\868222.exec:\868222.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g2042.exec:\g2042.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbthh.exec:\bnbthh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrxx.exec:\ffxxrxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvv.exec:\ddjvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w44486.exec:\w44486.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\624482.exec:\624482.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttt.exec:\bntttt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u826824.exec:\u826824.exe23⤵
- Executes dropped EXE
-
\??\c:\062020.exec:\062020.exe24⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe25⤵
- Executes dropped EXE
-
\??\c:\280802.exec:\280802.exe26⤵
- Executes dropped EXE
-
\??\c:\w22604.exec:\w22604.exe27⤵
- Executes dropped EXE
-
\??\c:\46604.exec:\46604.exe28⤵
- Executes dropped EXE
-
\??\c:\xllfxlf.exec:\xllfxlf.exe29⤵
- Executes dropped EXE
-
\??\c:\9btnhh.exec:\9btnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\xfxlllx.exec:\xfxlllx.exe31⤵
- Executes dropped EXE
-
\??\c:\e40060.exec:\e40060.exe32⤵
- Executes dropped EXE
-
\??\c:\u006826.exec:\u006826.exe33⤵
- Executes dropped EXE
-
\??\c:\466460.exec:\466460.exe34⤵
- Executes dropped EXE
-
\??\c:\lrllxfx.exec:\lrllxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\20064.exec:\20064.exe36⤵
- Executes dropped EXE
-
\??\c:\20040.exec:\20040.exe37⤵
- Executes dropped EXE
-
\??\c:\nbnbhb.exec:\nbnbhb.exe38⤵
- Executes dropped EXE
-
\??\c:\46608.exec:\46608.exe39⤵
- Executes dropped EXE
-
\??\c:\s8868.exec:\s8868.exe40⤵
- Executes dropped EXE
-
\??\c:\6262224.exec:\6262224.exe41⤵
- Executes dropped EXE
-
\??\c:\u682884.exec:\u682884.exe42⤵
- Executes dropped EXE
-
\??\c:\6848664.exec:\6848664.exe43⤵
- Executes dropped EXE
-
\??\c:\5lfxrlf.exec:\5lfxrlf.exe44⤵
- Executes dropped EXE
-
\??\c:\686406.exec:\686406.exe45⤵
- Executes dropped EXE
-
\??\c:\2608268.exec:\2608268.exe46⤵
- Executes dropped EXE
-
\??\c:\0288448.exec:\0288448.exe47⤵
- Executes dropped EXE
-
\??\c:\rxxrrrf.exec:\rxxrrrf.exe48⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe49⤵
- Executes dropped EXE
-
\??\c:\6028446.exec:\6028446.exe50⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe52⤵
- Executes dropped EXE
-
\??\c:\4282262.exec:\4282262.exe53⤵
- Executes dropped EXE
-
\??\c:\htbhbh.exec:\htbhbh.exe54⤵
- Executes dropped EXE
-
\??\c:\xrxrfxl.exec:\xrxrfxl.exe55⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe56⤵
- Executes dropped EXE
-
\??\c:\426248.exec:\426248.exe57⤵
- Executes dropped EXE
-
\??\c:\ffxxflr.exec:\ffxxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\20660.exec:\20660.exe59⤵
- Executes dropped EXE
-
\??\c:\w82608.exec:\w82608.exe60⤵
- Executes dropped EXE
-
\??\c:\rlfrlfx.exec:\rlfrlfx.exe61⤵
- Executes dropped EXE
-
\??\c:\0208428.exec:\0208428.exe62⤵
- Executes dropped EXE
-
\??\c:\i688604.exec:\i688604.exe63⤵
- Executes dropped EXE
-
\??\c:\tnnbhb.exec:\tnnbhb.exe64⤵
- Executes dropped EXE
-
\??\c:\7nnhtn.exec:\7nnhtn.exe65⤵
- Executes dropped EXE
-
\??\c:\1vddp.exec:\1vddp.exe66⤵
-
\??\c:\44004.exec:\44004.exe67⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe68⤵
-
\??\c:\ttthtn.exec:\ttthtn.exe69⤵
-
\??\c:\w66482.exec:\w66482.exe70⤵
-
\??\c:\lfxrfff.exec:\lfxrfff.exe71⤵
-
\??\c:\xrfxfxf.exec:\xrfxfxf.exe72⤵
-
\??\c:\btbnht.exec:\btbnht.exe73⤵
-
\??\c:\082424.exec:\082424.exe74⤵
-
\??\c:\fxlfrlx.exec:\fxlfrlx.exe75⤵
-
\??\c:\g4084.exec:\g4084.exe76⤵
-
\??\c:\lxfrrlx.exec:\lxfrrlx.exe77⤵
-
\??\c:\4000848.exec:\4000848.exe78⤵
-
\??\c:\1hthbn.exec:\1hthbn.exe79⤵
-
\??\c:\6246868.exec:\6246868.exe80⤵
-
\??\c:\a0262.exec:\a0262.exe81⤵
-
\??\c:\888608.exec:\888608.exe82⤵
-
\??\c:\8066220.exec:\8066220.exe83⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe84⤵
-
\??\c:\lxrfxrf.exec:\lxrfxrf.exe85⤵
-
\??\c:\488860.exec:\488860.exe86⤵
-
\??\c:\2648042.exec:\2648042.exe87⤵
-
\??\c:\lxxrlfr.exec:\lxxrlfr.exe88⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe89⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe90⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe91⤵
-
\??\c:\bbbtbt.exec:\bbbtbt.exe92⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe93⤵
-
\??\c:\868604.exec:\868604.exe94⤵
-
\??\c:\4264882.exec:\4264882.exe95⤵
-
\??\c:\462666.exec:\462666.exe96⤵
-
\??\c:\0882462.exec:\0882462.exe97⤵
-
\??\c:\c464882.exec:\c464882.exe98⤵
-
\??\c:\e60426.exec:\e60426.exe99⤵
-
\??\c:\3rrlfrf.exec:\3rrlfrf.exe100⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe101⤵
-
\??\c:\6864202.exec:\6864202.exe102⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe103⤵
-
\??\c:\7nhhht.exec:\7nhhht.exe104⤵
-
\??\c:\8264482.exec:\8264482.exe105⤵
-
\??\c:\628848.exec:\628848.exe106⤵
-
\??\c:\888866.exec:\888866.exe107⤵
-
\??\c:\0068064.exec:\0068064.exe108⤵
-
\??\c:\rfrflfr.exec:\rfrflfr.exe109⤵
-
\??\c:\g2422.exec:\g2422.exe110⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe111⤵
-
\??\c:\w02248.exec:\w02248.exe112⤵
-
\??\c:\rfxxfxx.exec:\rfxxfxx.exe113⤵
-
\??\c:\tbtnnh.exec:\tbtnnh.exe114⤵
-
\??\c:\444820.exec:\444820.exe115⤵
-
\??\c:\bnnbnt.exec:\bnnbnt.exe116⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe117⤵
-
\??\c:\268264.exec:\268264.exe118⤵
-
\??\c:\82264.exec:\82264.exe119⤵
-
\??\c:\bntbth.exec:\bntbth.exe120⤵
-
\??\c:\s0402.exec:\s0402.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-