Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-11-2024 22:46
General
-
Target
84d0f15d3fb2cb31e1c2b24712dcb5c9bd7c1d3231c4349955d1bf3a8c2b7538N.exe
-
Size
70KB
-
MD5
5460e8f86f5cb913e24c019de9eaefd0
-
SHA1
c869024f828b4f6a88b5a3199436f7e104a3d5ac
-
SHA256
84d0f15d3fb2cb31e1c2b24712dcb5c9bd7c1d3231c4349955d1bf3a8c2b7538
-
SHA512
75f0fa202907e462c4539e567db3d30d6086223c6a8d7e927cab0fcf2a3c39b5b28e8925bc1e6ff5b1dc5a4d45c3815619d04c963de1077da77ac7b5560104d6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3Ag:ymb3NkkiQ3mdBjFI46TQg
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84d0f15d3fb2cb31e1c2b24712dcb5c9bd7c1d3231c4349955d1bf3a8c2b7538N.exe"C:\Users\Admin\AppData\Local\Temp\84d0f15d3fb2cb31e1c2b24712dcb5c9bd7c1d3231c4349955d1bf3a8c2b7538N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vxhnhrl.exec:\vxhnhrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbljtdn.exec:\bbljtdn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhtrtn.exec:\rhtrtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lftthx.exec:\lftthx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlrjlr.exec:\vlrjlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfnxnh.exec:\lfnxnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvft.exec:\jjvft.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rprnfxb.exec:\rprnfxb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vffxltn.exec:\vffxltn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvrnnbr.exec:\bvrnnbr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvxhj.exec:\pdvxhj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnlfx.exec:\xnlfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbxntv.exec:\pbxntv.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dnjbbnx.exec:\dnjbbnx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btvlxbp.exec:\btvlxbp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tddnvfb.exec:\tddnvfb.exe17⤵
- Executes dropped EXE
-
\??\c:\bbjbdrd.exec:\bbjbdrd.exe18⤵
- Executes dropped EXE
-
\??\c:\xpprbhn.exec:\xpprbhn.exe19⤵
- Executes dropped EXE
-
\??\c:\dvbbd.exec:\dvbbd.exe20⤵
- Executes dropped EXE
-
\??\c:\xhhrr.exec:\xhhrr.exe21⤵
- Executes dropped EXE
-
\??\c:\fhfpbh.exec:\fhfpbh.exe22⤵
- Executes dropped EXE
-
\??\c:\vrdrvn.exec:\vrdrvn.exe23⤵
- Executes dropped EXE
-
\??\c:\phnjfd.exec:\phnjfd.exe24⤵
- Executes dropped EXE
-
\??\c:\xhdtb.exec:\xhdtb.exe25⤵
- Executes dropped EXE
-
\??\c:\jxfjrj.exec:\jxfjrj.exe26⤵
- Executes dropped EXE
-
\??\c:\lnrjd.exec:\lnrjd.exe27⤵
- Executes dropped EXE
-
\??\c:\djpbfdr.exec:\djpbfdr.exe28⤵
- Executes dropped EXE
-
\??\c:\btjjh.exec:\btjjh.exe29⤵
- Executes dropped EXE
-
\??\c:\bxlbjv.exec:\bxlbjv.exe30⤵
- Executes dropped EXE
-
\??\c:\dnrtth.exec:\dnrtth.exe31⤵
- Executes dropped EXE
-
\??\c:\xdhlv.exec:\xdhlv.exe32⤵
- Executes dropped EXE
-
\??\c:\bbhtj.exec:\bbhtj.exe33⤵
- Executes dropped EXE
-
\??\c:\vbxbxn.exec:\vbxbxn.exe34⤵
- Executes dropped EXE
-
\??\c:\vpdrh.exec:\vpdrh.exe35⤵
- Executes dropped EXE
-
\??\c:\jftxf.exec:\jftxf.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lnvrdl.exec:\lnvrdl.exe37⤵
- Executes dropped EXE
-
\??\c:\bvxtjjt.exec:\bvxtjjt.exe38⤵
- Executes dropped EXE
-
\??\c:\bdxbln.exec:\bdxbln.exe39⤵
- Executes dropped EXE
-
\??\c:\vnftfnx.exec:\vnftfnx.exe40⤵
- Executes dropped EXE
-
\??\c:\lbrtlvv.exec:\lbrtlvv.exe41⤵
- Executes dropped EXE
-
\??\c:\jtlnhtj.exec:\jtlnhtj.exe42⤵
- Executes dropped EXE
-
\??\c:\vbhxx.exec:\vbhxx.exe43⤵
- Executes dropped EXE
-
\??\c:\pxfthf.exec:\pxfthf.exe44⤵
- Executes dropped EXE
-
\??\c:\ffdrdhn.exec:\ffdrdhn.exe45⤵
- Executes dropped EXE
-
\??\c:\phrlr.exec:\phrlr.exe46⤵
- Executes dropped EXE
-
\??\c:\fpftpf.exec:\fpftpf.exe47⤵
- Executes dropped EXE
-
\??\c:\jbvfpj.exec:\jbvfpj.exe48⤵
- Executes dropped EXE
-
\??\c:\nxbvbb.exec:\nxbvbb.exe49⤵
- Executes dropped EXE
-
\??\c:\ftpfn.exec:\ftpfn.exe50⤵
- Executes dropped EXE
-
\??\c:\xtnvt.exec:\xtnvt.exe51⤵
- Executes dropped EXE
-
\??\c:\xrvrh.exec:\xrvrh.exe52⤵
- Executes dropped EXE
-
\??\c:\rnhvh.exec:\rnhvh.exe53⤵
- Executes dropped EXE
-
\??\c:\dltnbx.exec:\dltnbx.exe54⤵
- Executes dropped EXE
-
\??\c:\rbflxl.exec:\rbflxl.exe55⤵
- Executes dropped EXE
-
\??\c:\njlrlp.exec:\njlrlp.exe56⤵
- Executes dropped EXE
-
\??\c:\ntxld.exec:\ntxld.exe57⤵
- Executes dropped EXE
-
\??\c:\rxpvhl.exec:\rxpvhl.exe58⤵
- Executes dropped EXE
-
\??\c:\xlvdf.exec:\xlvdf.exe59⤵
- Executes dropped EXE
-
\??\c:\rrffnbv.exec:\rrffnbv.exe60⤵
- Executes dropped EXE
-
\??\c:\jvtpl.exec:\jvtpl.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hnjnp.exec:\hnjnp.exe62⤵
- Executes dropped EXE
-
\??\c:\fxfxl.exec:\fxfxl.exe63⤵
- Executes dropped EXE
-
\??\c:\pdjrnbb.exec:\pdjrnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\rlbbntt.exec:\rlbbntt.exe65⤵
- Executes dropped EXE
-
\??\c:\nxfhn.exec:\nxfhn.exe66⤵
-
\??\c:\pfrrj.exec:\pfrrj.exe67⤵
-
\??\c:\hllpjj.exec:\hllpjj.exe68⤵
-
\??\c:\jlhnt.exec:\jlhnt.exe69⤵
-
\??\c:\hvxtdb.exec:\hvxtdb.exe70⤵
-
\??\c:\frnjvl.exec:\frnjvl.exe71⤵
-
\??\c:\bprrxjh.exec:\bprrxjh.exe72⤵
-
\??\c:\ftttdp.exec:\ftttdp.exe73⤵
-
\??\c:\fbfvbfv.exec:\fbfvbfv.exe74⤵
-
\??\c:\prtfbhn.exec:\prtfbhn.exe75⤵
-
\??\c:\xxvljl.exec:\xxvljl.exe76⤵
-
\??\c:\nfhvxxd.exec:\nfhvxxd.exe77⤵
-
\??\c:\lvrlhfb.exec:\lvrlhfb.exe78⤵
-
\??\c:\bjnrdjx.exec:\bjnrdjx.exe79⤵
-
\??\c:\hrtdrbd.exec:\hrtdrbd.exe80⤵
-
\??\c:\xpnfvt.exec:\xpnfvt.exe81⤵
-
\??\c:\bxjlfff.exec:\bxjlfff.exe82⤵
-
\??\c:\jnrjb.exec:\jnrjb.exe83⤵
-
\??\c:\vpdtph.exec:\vpdtph.exe84⤵
-
\??\c:\xxllrp.exec:\xxllrp.exe85⤵
-
\??\c:\tntvx.exec:\tntvx.exe86⤵
-
\??\c:\vfhxlrh.exec:\vfhxlrh.exe87⤵
-
\??\c:\rpxhn.exec:\rpxhn.exe88⤵
-
\??\c:\njjvt.exec:\njjvt.exe89⤵
-
\??\c:\ddlhjpt.exec:\ddlhjpt.exe90⤵
-
\??\c:\frpvdj.exec:\frpvdj.exe91⤵
-
\??\c:\dxvjn.exec:\dxvjn.exe92⤵
-
\??\c:\xphlrtb.exec:\xphlrtb.exe93⤵
-
\??\c:\bdnfbn.exec:\bdnfbn.exe94⤵
-
\??\c:\xfptlh.exec:\xfptlh.exe95⤵
-
\??\c:\pvxxxh.exec:\pvxxxh.exe96⤵
-
\??\c:\bvbppn.exec:\bvbppn.exe97⤵
-
\??\c:\nffvht.exec:\nffvht.exe98⤵
-
\??\c:\rvrnvn.exec:\rvrnvn.exe99⤵
-
\??\c:\jfrpl.exec:\jfrpl.exe100⤵
-
\??\c:\nntvbp.exec:\nntvbp.exe101⤵
-
\??\c:\lfpnnvb.exec:\lfpnnvb.exe102⤵
-
\??\c:\pbrxjn.exec:\pbrxjn.exe103⤵
-
\??\c:\ttlxdl.exec:\ttlxdl.exe104⤵
-
\??\c:\ljpltpt.exec:\ljpltpt.exe105⤵
-
\??\c:\hddhfv.exec:\hddhfv.exe106⤵
-
\??\c:\ldfhp.exec:\ldfhp.exe107⤵
-
\??\c:\drxbvdt.exec:\drxbvdt.exe108⤵
-
\??\c:\thvllrb.exec:\thvllrb.exe109⤵
-
\??\c:\nfbhprb.exec:\nfbhprb.exe110⤵
-
\??\c:\frffvb.exec:\frffvb.exe111⤵
-
\??\c:\tnjpjlh.exec:\tnjpjlh.exe112⤵
-
\??\c:\lbvnhvl.exec:\lbvnhvl.exe113⤵
-
\??\c:\jfjlrf.exec:\jfjlrf.exe114⤵
-
\??\c:\jdfdxpn.exec:\jdfdxpn.exe115⤵
-
\??\c:\jpvhd.exec:\jpvhd.exe116⤵
-
\??\c:\tvrhbdf.exec:\tvrhbdf.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vfptf.exec:\vfptf.exe118⤵
-
\??\c:\xlxllhj.exec:\xlxllhj.exe119⤵
-
\??\c:\lfvptf.exec:\lfvptf.exe120⤵
-
\??\c:\httvhpx.exec:\httvhpx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-