Analysis
-
max time kernel
120s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09/10/2024, 16:36
General
-
Target
fc37ede157d3ba57cc8567e0df79e7e64ecdbebf7e4e254aed3844af387cfb37N.exe
-
Size
375KB
-
MD5
f32888e02ea69bdf923bf144684e2370
-
SHA1
4405ef9b18bdfa1c00387c444593c9af1f3e477e
-
SHA256
fc37ede157d3ba57cc8567e0df79e7e64ecdbebf7e4e254aed3844af387cfb37
-
SHA512
e0c5d5002b6f6acb97eac15fd85efef60ffc70dff55c429cec5902955c53b6abb846372edc2381a3587631e5677566969f10826bd99e4ddc2f2111139261bd07
-
SSDEEP
6144:n3C9BRIG0asYFm71mJl3/X8mak5gNv9rC8IwLaYNUvtTxTKMMk:n3C9uYA7i3/stR9HGYyvtTxTKMR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc37ede157d3ba57cc8567e0df79e7e64ecdbebf7e4e254aed3844af387cfb37N.exe"C:\Users\Admin\AppData\Local\Temp\fc37ede157d3ba57cc8567e0df79e7e64ecdbebf7e4e254aed3844af387cfb37N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnbb.exec:\nhnnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnhb.exec:\nbbnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rllffx.exec:\7rllffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthnh.exec:\hnthnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpj.exec:\djvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflxx.exec:\rlfflxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvp.exec:\vjjvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrlll.exec:\llxrlll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbt.exec:\thnhbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhthn.exec:\nnhthn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnhhh.exec:\7hnhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfffff.exec:\rxfffff.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnhh.exec:\thtnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvj.exec:\dvvvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrxxl.exec:\lrrrxxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttt.exec:\hhbttt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrlfx.exec:\xlfrlfx.exe23⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\xfrlfff.exec:\xfrlfff.exe25⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe26⤵
- Executes dropped EXE
-
\??\c:\3ppvd.exec:\3ppvd.exe27⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\tbhbnh.exec:\tbhbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe30⤵
- Executes dropped EXE
-
\??\c:\xfrllfx.exec:\xfrllfx.exe31⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\xllxrxr.exec:\xllxrxr.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe34⤵
- Executes dropped EXE
-
\??\c:\xfffxxx.exec:\xfffxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\1llffxr.exec:\1llffxr.exe36⤵
-
\??\c:\hhnttb.exec:\hhnttb.exe37⤵
- Executes dropped EXE
-
\??\c:\vjdjd.exec:\vjdjd.exe38⤵
- Executes dropped EXE
-
\??\c:\vpvjd.exec:\vpvjd.exe39⤵
- Executes dropped EXE
-
\??\c:\rrlllfr.exec:\rrlllfr.exe40⤵
- Executes dropped EXE
-
\??\c:\bbnhtn.exec:\bbnhtn.exe41⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe42⤵
- Executes dropped EXE
-
\??\c:\rfrfxrl.exec:\rfrfxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe45⤵
- Executes dropped EXE
-
\??\c:\xrxflxf.exec:\xrxflxf.exe46⤵
- Executes dropped EXE
-
\??\c:\nhttnh.exec:\nhttnh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhnttt.exec:\nhnttt.exe48⤵
- Executes dropped EXE
-
\??\c:\vjpjp.exec:\vjpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\9hbtnt.exec:\9hbtnt.exe51⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe53⤵
- Executes dropped EXE
-
\??\c:\xrxrffx.exec:\xrxrffx.exe54⤵
- Executes dropped EXE
-
\??\c:\bbttnh.exec:\bbttnh.exe55⤵
- Executes dropped EXE
-
\??\c:\bnbbhb.exec:\bnbbhb.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe57⤵
- Executes dropped EXE
-
\??\c:\1xfxrrl.exec:\1xfxrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\9thbbb.exec:\9thbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe60⤵
- Executes dropped EXE
-
\??\c:\rxxxrxx.exec:\rxxxrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe62⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\llfxflr.exec:\llfxflr.exe64⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe66⤵
- Executes dropped EXE
-
\??\c:\7jvpp.exec:\7jvpp.exe67⤵
-
\??\c:\frrfxxr.exec:\frrfxxr.exe68⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe69⤵
-
\??\c:\3pppj.exec:\3pppj.exe70⤵
-
\??\c:\fxlfxrl.exec:\fxlfxrl.exe71⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe72⤵
-
\??\c:\9djdd.exec:\9djdd.exe73⤵
-
\??\c:\xxfxlfr.exec:\xxfxlfr.exe74⤵
-
\??\c:\ttbnbh.exec:\ttbnbh.exe75⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe76⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe77⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe78⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe79⤵
-
\??\c:\fxxrlxx.exec:\fxxrlxx.exe80⤵
-
\??\c:\hnbbhh.exec:\hnbbhh.exe81⤵
-
\??\c:\9hnhhh.exec:\9hnhhh.exe82⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe83⤵
-
\??\c:\3lflllf.exec:\3lflllf.exe84⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe85⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe86⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe87⤵
-
\??\c:\5lrrlll.exec:\5lrrlll.exe88⤵
-
\??\c:\xllffff.exec:\xllffff.exe89⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe90⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe91⤵
-
\??\c:\fxfxffl.exec:\fxfxffl.exe92⤵
-
\??\c:\flrrllx.exec:\flrrllx.exe93⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe94⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe95⤵
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe96⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe97⤵
-
\??\c:\3thbnh.exec:\3thbnh.exe98⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe99⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe100⤵
-
\??\c:\frxxrxx.exec:\frxxrxx.exe101⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe102⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe103⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe104⤵
-
\??\c:\flxrrrr.exec:\flxrrrr.exe105⤵
-
\??\c:\xrllfxx.exec:\xrllfxx.exe106⤵
-
\??\c:\bnhhbt.exec:\bnhhbt.exe107⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe108⤵
-
\??\c:\5ppdv.exec:\5ppdv.exe109⤵
-
\??\c:\xlxrfxr.exec:\xlxrfxr.exe110⤵
-
\??\c:\9ttnbb.exec:\9ttnbb.exe111⤵
-
\??\c:\btbnbb.exec:\btbnbb.exe112⤵
-
\??\c:\vpppv.exec:\vpppv.exe113⤵
-
\??\c:\1rxxrrr.exec:\1rxxrrr.exe114⤵
-
\??\c:\xlffrrl.exec:\xlffrrl.exe115⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe116⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe117⤵
-
\??\c:\7jvpv.exec:\7jvpv.exe118⤵
-
\??\c:\xrxrflf.exec:\xrxrflf.exe119⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe120⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-