Analysis
-
max time kernel
120s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
13/10/2024, 19:12
General
-
Target
89c1b79e9c718fb243f2f43de9b1a9ae860627ec2a9f12949486e3b77633dc3dN.exe
-
Size
71KB
-
MD5
edf7d58ee39e666411a0e87af176b290
-
SHA1
bc98db6e8fbf547145fc400f72d20455933f31d7
-
SHA256
89c1b79e9c718fb243f2f43de9b1a9ae860627ec2a9f12949486e3b77633dc3d
-
SHA512
009568d3a9a6fb91bc4c172a61d6773b9e8c969f567b6ed73eb88703f73a7a7874e39306203152677e1eb79bfe13c3b1db9c702f14b5d8bfa66def47fb8cecc8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj9:ymb3NkkiQ3mdBjFI4VN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\89c1b79e9c718fb243f2f43de9b1a9ae860627ec2a9f12949486e3b77633dc3dN.exe"C:\Users\Admin\AppData\Local\Temp\89c1b79e9c718fb243f2f43de9b1a9ae860627ec2a9f12949486e3b77633dc3dN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvd.exec:\ppjvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttbtt.exec:\9ttbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrrf.exec:\rllxrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtn.exec:\nbbbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllffff.exec:\fllffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlfrr.exec:\lxxlfrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbbn.exec:\hnbbbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrrfl.exec:\xllrrfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nntbh.exec:\9nntbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrff.exec:\xrfxrff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnbt.exec:\hbtnbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddp.exec:\djddp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrfxr.exec:\lrrrfxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xllffx.exec:\7xllffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhbb.exec:\hnhhbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpp.exec:\jjvpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjv.exec:\pdvjv.exe23⤵
- Executes dropped EXE
-
\??\c:\xxxlxfr.exec:\xxxlxfr.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tbbthb.exec:\tbbthb.exe25⤵
- Executes dropped EXE
-
\??\c:\xffxlfr.exec:\xffxlfr.exe26⤵
- Executes dropped EXE
-
\??\c:\bnnnhb.exec:\bnnnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe28⤵
- Executes dropped EXE
-
\??\c:\rlrllfx.exec:\rlrllfx.exe29⤵
- Executes dropped EXE
-
\??\c:\7rfxlfx.exec:\7rfxlfx.exe30⤵
- Executes dropped EXE
-
\??\c:\ntthtn.exec:\ntthtn.exe31⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\rflxlfr.exec:\rflxlfr.exe34⤵
- Executes dropped EXE
-
\??\c:\bhbtnn.exec:\bhbtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\ntbbnt.exec:\ntbbnt.exe36⤵
- Executes dropped EXE
-
\??\c:\djppd.exec:\djppd.exe37⤵
- Executes dropped EXE
-
\??\c:\9xrfxrl.exec:\9xrfxrl.exe38⤵
- Executes dropped EXE
-
\??\c:\rllxrfx.exec:\rllxrfx.exe39⤵
- Executes dropped EXE
-
\??\c:\ntthtb.exec:\ntthtb.exe40⤵
- Executes dropped EXE
-
\??\c:\5tttnh.exec:\5tttnh.exe41⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe42⤵
- Executes dropped EXE
-
\??\c:\rxrlxxx.exec:\rxrlxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\frfxxrx.exec:\frfxxrx.exe44⤵
- Executes dropped EXE
-
\??\c:\tnttbt.exec:\tnttbt.exe45⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe46⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe47⤵
- Executes dropped EXE
-
\??\c:\xrxxxlr.exec:\xrxxxlr.exe48⤵
- Executes dropped EXE
-
\??\c:\7hbthh.exec:\7hbthh.exe49⤵
- Executes dropped EXE
-
\??\c:\tntnbt.exec:\tntnbt.exe50⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe51⤵
- Executes dropped EXE
-
\??\c:\3xrxrxr.exec:\3xrxrxr.exe52⤵
- Executes dropped EXE
-
\??\c:\rffxrlf.exec:\rffxrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe55⤵
- Executes dropped EXE
-
\??\c:\5djvv.exec:\5djvv.exe56⤵
- Executes dropped EXE
-
\??\c:\7llxfxl.exec:\7llxfxl.exe57⤵
- Executes dropped EXE
-
\??\c:\bntntn.exec:\bntntn.exe58⤵
- Executes dropped EXE
-
\??\c:\thhbnn.exec:\thhbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe60⤵
- Executes dropped EXE
-
\??\c:\lffxfxf.exec:\lffxfxf.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\3tbbtn.exec:\3tbbtn.exe63⤵
- Executes dropped EXE
-
\??\c:\3nnhhh.exec:\3nnhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe66⤵
- Executes dropped EXE
-
\??\c:\fffxxrr.exec:\fffxxrr.exe67⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe68⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe69⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe70⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe71⤵
-
\??\c:\xlrxxlf.exec:\xlrxxlf.exe72⤵
-
\??\c:\hbhtnh.exec:\hbhtnh.exe73⤵
-
\??\c:\lflrfrr.exec:\lflrfrr.exe74⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe75⤵
-
\??\c:\7hbthh.exec:\7hbthh.exe76⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe77⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe78⤵
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe79⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe80⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe81⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe82⤵
-
\??\c:\pjppp.exec:\pjppp.exe83⤵
-
\??\c:\fxfxxrf.exec:\fxfxxrf.exe84⤵
-
\??\c:\tntttt.exec:\tntttt.exe85⤵
-
\??\c:\nttttt.exec:\nttttt.exe86⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe87⤵
-
\??\c:\1fxxrxr.exec:\1fxxrxr.exe88⤵
-
\??\c:\3rfrffr.exec:\3rfrffr.exe89⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe90⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe91⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe92⤵
-
\??\c:\xrllxxr.exec:\xrllxxr.exe93⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe94⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe95⤵
-
\??\c:\vddvp.exec:\vddvp.exe96⤵
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe97⤵
-
\??\c:\rxlxlfl.exec:\rxlxlfl.exe98⤵
-
\??\c:\hhhbnt.exec:\hhhbnt.exe99⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe100⤵
-
\??\c:\3pppj.exec:\3pppj.exe101⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe102⤵
-
\??\c:\lllfrrr.exec:\lllfrrr.exe103⤵
-
\??\c:\9ffffll.exec:\9ffffll.exe104⤵
-
\??\c:\9hnnnn.exec:\9hnnnn.exe105⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe106⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe107⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe108⤵
-
\??\c:\lfrlxlf.exec:\lfrlxlf.exe109⤵
-
\??\c:\tnthtt.exec:\tnthtt.exe110⤵
-
\??\c:\ttnhhb.exec:\ttnhhb.exe111⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe112⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe113⤵
-
\??\c:\1lfxrlf.exec:\1lfxrlf.exe114⤵
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe115⤵
-
\??\c:\hnnntt.exec:\hnnntt.exe116⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe117⤵
-
\??\c:\djjvj.exec:\djjvj.exe118⤵
-
\??\c:\fxlffrl.exec:\fxlffrl.exe119⤵
-
\??\c:\tbnbth.exec:\tbnbth.exe120⤵
-
\??\c:\bbthhh.exec:\bbthhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-