Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11/10/2024, 23:54
General
-
Target
8752ff9ed056bc1a43a266667a39fbc36a7a54172f1ce8f0dcda207366268360.exe
-
Size
64KB
-
MD5
c2066d2f26e997746ff705e97ee5f1f6
-
SHA1
afd70f409acb50eeb435564aac347e15dc0d36d0
-
SHA256
8752ff9ed056bc1a43a266667a39fbc36a7a54172f1ce8f0dcda207366268360
-
SHA512
c899d5705568ddb84d349555d3e4d0abc8caec2555e52bf2287a96f7cff23e8b43182b1df61ba9c36417812d159e13ef395d02050f4f8d682e308d013438d7e3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxiv:ymb3NkkiQ3mdBjF0y7kbc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8752ff9ed056bc1a43a266667a39fbc36a7a54172f1ce8f0dcda207366268360.exe"C:\Users\Admin\AppData\Local\Temp\8752ff9ed056bc1a43a266667a39fbc36a7a54172f1ce8f0dcda207366268360.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffrlrl.exec:\5ffrlrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhb.exec:\bnnhhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfrll.exec:\flrfrll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhbn.exec:\hbbhbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnh.exec:\hbbtnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthth.exec:\btthth.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhthb.exec:\thhthb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfxrf.exec:\lxxfxrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhh.exec:\bbtnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxrxxl.exec:\9xxrxxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnnb.exec:\nhbnnb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdp.exec:\jjjdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxrlf.exec:\fllxrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxlxxl.exec:\7xxlxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\tnnnhb.exec:\tnnnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\3vvjv.exec:\3vvjv.exe25⤵
- Executes dropped EXE
-
\??\c:\xfflfrf.exec:\xfflfrf.exe26⤵
- Executes dropped EXE
-
\??\c:\ttnhbn.exec:\ttnhbn.exe27⤵
- Executes dropped EXE
-
\??\c:\vjjvv.exec:\vjjvv.exe28⤵
- Executes dropped EXE
-
\??\c:\pdjvj.exec:\pdjvj.exe29⤵
- Executes dropped EXE
-
\??\c:\xrfxrff.exec:\xrfxrff.exe30⤵
- Executes dropped EXE
-
\??\c:\5hnnhh.exec:\5hnnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe32⤵
- Executes dropped EXE
-
\??\c:\djdvj.exec:\djdvj.exe33⤵
- Executes dropped EXE
-
\??\c:\1rrlxxr.exec:\1rrlxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\bthnhb.exec:\bthnhb.exe35⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe37⤵
- Executes dropped EXE
-
\??\c:\xxlflfl.exec:\xxlflfl.exe38⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\5hbtnh.exec:\5hbtnh.exe41⤵
- Executes dropped EXE
-
\??\c:\bhhbhn.exec:\bhhbhn.exe42⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe43⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe44⤵
- Executes dropped EXE
-
\??\c:\xfrllll.exec:\xfrllll.exe45⤵
- Executes dropped EXE
-
\??\c:\5tnnhh.exec:\5tnnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\nnhnhh.exec:\nnhnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\5jvjp.exec:\5jvjp.exe48⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe49⤵
- Executes dropped EXE
-
\??\c:\1flfxxr.exec:\1flfxxr.exe50⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\1hhhbb.exec:\1hhhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe53⤵
- Executes dropped EXE
-
\??\c:\1pvpd.exec:\1pvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\rrxrffr.exec:\rrxrffr.exe55⤵
- Executes dropped EXE
-
\??\c:\1lllrrx.exec:\1lllrrx.exe56⤵
- Executes dropped EXE
-
\??\c:\tbbbhb.exec:\tbbbhb.exe57⤵
- Executes dropped EXE
-
\??\c:\hnttth.exec:\hnttth.exe58⤵
- Executes dropped EXE
-
\??\c:\5ddvj.exec:\5ddvj.exe59⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe60⤵
- Executes dropped EXE
-
\??\c:\1llfrrl.exec:\1llfrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxrxxr.exec:\lfxrxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\3ntnht.exec:\3ntnht.exe63⤵
- Executes dropped EXE
-
\??\c:\hnhthh.exec:\hnhthh.exe64⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe65⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe66⤵
-
\??\c:\lxxrrlr.exec:\lxxrrlr.exe67⤵
-
\??\c:\1rxrxxr.exec:\1rxrxxr.exe68⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe69⤵
-
\??\c:\hbbnbb.exec:\hbbnbb.exe70⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe71⤵
-
\??\c:\pppjd.exec:\pppjd.exe72⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe73⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe74⤵
-
\??\c:\xxxxffl.exec:\xxxxffl.exe75⤵
-
\??\c:\nbnhtb.exec:\nbnhtb.exe76⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe77⤵
-
\??\c:\1dddv.exec:\1dddv.exe78⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe79⤵
-
\??\c:\fxffxxf.exec:\fxffxxf.exe80⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe81⤵
-
\??\c:\hntbtt.exec:\hntbtt.exe82⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe83⤵
-
\??\c:\jdddv.exec:\jdddv.exe84⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe85⤵
-
\??\c:\frrlrrl.exec:\frrlrrl.exe86⤵
-
\??\c:\3hhbbt.exec:\3hhbbt.exe87⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe88⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe89⤵
-
\??\c:\dppjd.exec:\dppjd.exe90⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe91⤵
-
\??\c:\flffxrr.exec:\flffxrr.exe92⤵
-
\??\c:\bhhnbn.exec:\bhhnbn.exe93⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe94⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe95⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe96⤵
-
\??\c:\5fffxxr.exec:\5fffxxr.exe97⤵
-
\??\c:\7llfffx.exec:\7llfffx.exe98⤵
-
\??\c:\rllrlll.exec:\rllrlll.exe99⤵
-
\??\c:\1hhhhn.exec:\1hhhhn.exe100⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe101⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe102⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe103⤵
-
\??\c:\rllfxll.exec:\rllfxll.exe104⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe105⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe106⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe107⤵
-
\??\c:\jddvd.exec:\jddvd.exe108⤵
-
\??\c:\1vppd.exec:\1vppd.exe109⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe110⤵
-
\??\c:\lxrrxll.exec:\lxrrxll.exe111⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe112⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe113⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe114⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe115⤵
-
\??\c:\1xxrfff.exec:\1xxrfff.exe116⤵
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe117⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe118⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe119⤵
-
\??\c:\bbnhtt.exec:\bbnhtt.exe120⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-