Analysis
-
max time kernel
120s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09/10/2024, 04:39
General
-
Target
20195c446f196b9c432711fd9a43afa030d6fef2592c118a917263a837a5f90dN.exe
-
Size
58KB
-
MD5
3ba6e13019fc9c7e00737011b0121900
-
SHA1
5bc364daad008097fd6e7fec5696b61e792fca30
-
SHA256
20195c446f196b9c432711fd9a43afa030d6fef2592c118a917263a837a5f90d
-
SHA512
75cd641f503c5ab2654104089815354bce0e84c5bfa1dc272ffa5c62bf90920f5242453741800395872ffcc98208b87d55f533353da12241347fc0ee798f0f70
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFY3k:ymb3NkkiQ3mdBjFIFWk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\20195c446f196b9c432711fd9a43afa030d6fef2592c118a917263a837a5f90dN.exe"C:\Users\Admin\AppData\Local\Temp\20195c446f196b9c432711fd9a43afa030d6fef2592c118a917263a837a5f90dN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxxx.exec:\xflfxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhb.exec:\hbtnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvj.exec:\djdvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbhb.exec:\htbbhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffx.exec:\lflfffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlffx.exec:\lxrlffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbb.exec:\nhbnbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnnn.exec:\5ntnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llfxxr.exec:\9llfxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnbt.exec:\bbtnbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthb.exec:\hbnthb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxrx.exec:\rllfxrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnbt.exec:\9btnbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe24⤵
- Executes dropped EXE
-
\??\c:\5rxlxrx.exec:\5rxlxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\1hbtnn.exec:\1hbtnn.exe26⤵
- Executes dropped EXE
-
\??\c:\5dvjv.exec:\5dvjv.exe27⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe28⤵
- Executes dropped EXE
-
\??\c:\frlfffx.exec:\frlfffx.exe29⤵
- Executes dropped EXE
-
\??\c:\btbtnh.exec:\btbtnh.exe30⤵
- Executes dropped EXE
-
\??\c:\7jpjj.exec:\7jpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\flrfrlx.exec:\flrfrlx.exe32⤵
- Executes dropped EXE
-
\??\c:\rffxlrf.exec:\rffxlrf.exe33⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe34⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe35⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe37⤵
- Executes dropped EXE
-
\??\c:\9rrlfxr.exec:\9rrlfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\3hnhnh.exec:\3hnhnh.exe39⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe41⤵
- Executes dropped EXE
-
\??\c:\rrrrlfx.exec:\rrrrlfx.exe42⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\thnbhh.exec:\thnbhh.exe44⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\xlllfxr.exec:\xlllfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\9hhbtt.exec:\9hhbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\bhnttn.exec:\bhnttn.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xlffxlf.exec:\xlffxlf.exe51⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe52⤵
- Executes dropped EXE
-
\??\c:\bbbnnn.exec:\bbbnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe54⤵
- Executes dropped EXE
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\tntttn.exec:\tntttn.exe56⤵
- Executes dropped EXE
-
\??\c:\bbhtbt.exec:\bbhtbt.exe57⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe58⤵
- Executes dropped EXE
-
\??\c:\rrlfffr.exec:\rrlfffr.exe59⤵
- Executes dropped EXE
-
\??\c:\bnhbtt.exec:\bnhbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe61⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxfrlfx.exec:\xxfrlfx.exe63⤵
- Executes dropped EXE
-
\??\c:\rfrxxlf.exec:\rfrxxlf.exe64⤵
- Executes dropped EXE
-
\??\c:\9bbtnn.exec:\9bbtnn.exe65⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe66⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe67⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe68⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe69⤵
-
\??\c:\thnthn.exec:\thnthn.exe70⤵
-
\??\c:\frrrxrr.exec:\frrrxrr.exe71⤵
-
\??\c:\nthtnh.exec:\nthtnh.exe72⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe73⤵
-
\??\c:\flrfxxx.exec:\flrfxxx.exe74⤵
-
\??\c:\xlrrlfx.exec:\xlrrlfx.exe75⤵
-
\??\c:\hbtbth.exec:\hbtbth.exe76⤵
-
\??\c:\7nnbtn.exec:\7nnbtn.exe77⤵
-
\??\c:\jvddv.exec:\jvddv.exe78⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe79⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe80⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe81⤵
-
\??\c:\pppdp.exec:\pppdp.exe82⤵
-
\??\c:\xfffrxf.exec:\xfffrxf.exe83⤵
-
\??\c:\rfrlfff.exec:\rfrlfff.exe84⤵
-
\??\c:\nbthbb.exec:\nbthbb.exe85⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe86⤵
-
\??\c:\lllfrfx.exec:\lllfrfx.exe87⤵
-
\??\c:\xxxrxrr.exec:\xxxrxrr.exe88⤵
-
\??\c:\hnntbh.exec:\hnntbh.exe89⤵
-
\??\c:\nntntt.exec:\nntntt.exe90⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe91⤵
-
\??\c:\rllrrrx.exec:\rllrrrx.exe92⤵
-
\??\c:\rfxflfx.exec:\rfxflfx.exe93⤵
-
\??\c:\9tbbtt.exec:\9tbbtt.exe94⤵
-
\??\c:\3htnhb.exec:\3htnhb.exe95⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe96⤵
-
\??\c:\ffllffx.exec:\ffllffx.exe97⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe98⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe99⤵
-
\??\c:\ntnhtn.exec:\ntnhtn.exe100⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe101⤵
-
\??\c:\xxxrrrf.exec:\xxxrrrf.exe102⤵
-
\??\c:\xllfxxl.exec:\xllfxxl.exe103⤵
-
\??\c:\nbbhnn.exec:\nbbhnn.exe104⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe105⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe106⤵
-
\??\c:\fffxfff.exec:\fffxfff.exe107⤵
-
\??\c:\lflrlrl.exec:\lflrlrl.exe108⤵
-
\??\c:\7hhhbb.exec:\7hhhbb.exe109⤵
-
\??\c:\djvvv.exec:\djvvv.exe110⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe111⤵
-
\??\c:\xflfrrr.exec:\xflfrrr.exe112⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe113⤵
-
\??\c:\thttnh.exec:\thttnh.exe114⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe115⤵
-
\??\c:\nntthb.exec:\nntthb.exe116⤵
-
\??\c:\1hhhtn.exec:\1hhhtn.exe117⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe118⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe119⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe120⤵
-
\??\c:\hhhntb.exec:\hhhntb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-