Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22/11/2024, 05:37
General
-
Target
efd50b3a0fd41475d23ff86d24be6efeeb422ce0100cfa6190804df49197d66e.exe
-
Size
453KB
-
MD5
c5d9399bdf4980b8ad641ab5d17d8a98
-
SHA1
50035fa797db18a83cabb3911c7394f0ca052c36
-
SHA256
efd50b3a0fd41475d23ff86d24be6efeeb422ce0100cfa6190804df49197d66e
-
SHA512
30347dd145554dd1aed8a09b584542ea8b06e94ca8c7ef36fadd4793531f1fcbb95318e7a9974445e951b068e9b8e0eaf7393a6dad00c78da7b40edb9c77383a
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbetX:q7Tc2NYHUrAwfMp3CDtX
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\efd50b3a0fd41475d23ff86d24be6efeeb422ce0100cfa6190804df49197d66e.exe"C:\Users\Admin\AppData\Local\Temp\efd50b3a0fd41475d23ff86d24be6efeeb422ce0100cfa6190804df49197d66e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rbdnd.exec:\rbdnd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptjpl.exec:\ptjpl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lndhtf.exec:\lndhtf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtbrnpb.exec:\jtbrnpb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhjdvdb.exec:\jhjdvdb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdjxrth.exec:\bdjxrth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fldlrdn.exec:\fldlrdn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnrbl.exec:\rnrbl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvhrvnd.exec:\vvhrvnd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnjldjx.exec:\tnjldjx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltxxntb.exec:\ltxxntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljrftp.exec:\ljrftp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtnpxh.exec:\rtnpxh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdtlbd.exec:\xdtlbd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjhnd.exec:\fjhnd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pljlx.exec:\pljlx.exe17⤵
- Executes dropped EXE
-
\??\c:\ldffrnj.exec:\ldffrnj.exe18⤵
- Executes dropped EXE
-
\??\c:\xxlvlrd.exec:\xxlvlrd.exe19⤵
- Executes dropped EXE
-
\??\c:\rjjxp.exec:\rjjxp.exe20⤵
- Executes dropped EXE
-
\??\c:\jrtnhtl.exec:\jrtnhtl.exe21⤵
- Executes dropped EXE
-
\??\c:\vbfnxfd.exec:\vbfnxfd.exe22⤵
- Executes dropped EXE
-
\??\c:\jpnhnh.exec:\jpnhnh.exe23⤵
- Executes dropped EXE
-
\??\c:\lfldl.exec:\lfldl.exe24⤵
- Executes dropped EXE
-
\??\c:\rvhbbp.exec:\rvhbbp.exe25⤵
- Executes dropped EXE
-
\??\c:\njbtndt.exec:\njbtndt.exe26⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\njdvv.exec:\njdvv.exe27⤵
- Executes dropped EXE
-
\??\c:\nvlftl.exec:\nvlftl.exe28⤵
- Executes dropped EXE
-
\??\c:\xtvpj.exec:\xtvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\rpxdn.exec:\rpxdn.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jblhl.exec:\jblhl.exe31⤵
- Executes dropped EXE
-
\??\c:\bnflv.exec:\bnflv.exe32⤵
- Executes dropped EXE
-
\??\c:\hvvdlb.exec:\hvvdlb.exe33⤵
- Executes dropped EXE
-
\??\c:\fnlnj.exec:\fnlnj.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bfdntl.exec:\bfdntl.exe35⤵
- Executes dropped EXE
-
\??\c:\rjjvbp.exec:\rjjvbp.exe36⤵
- Executes dropped EXE
-
\??\c:\rbdvb.exec:\rbdvb.exe37⤵
- Executes dropped EXE
-
\??\c:\brjvftr.exec:\brjvftr.exe38⤵
- Executes dropped EXE
-
\??\c:\brrpt.exec:\brrpt.exe39⤵
- Executes dropped EXE
-
\??\c:\jjlpnl.exec:\jjlpnl.exe40⤵
- Executes dropped EXE
-
\??\c:\jrtdln.exec:\jrtdln.exe41⤵
- Executes dropped EXE
-
\??\c:\ttbvl.exec:\ttbvl.exe42⤵
- Executes dropped EXE
-
\??\c:\hppdr.exec:\hppdr.exe43⤵
- Executes dropped EXE
-
\??\c:\bplbj.exec:\bplbj.exe44⤵
- Executes dropped EXE
-
\??\c:\ltjnfph.exec:\ltjnfph.exe45⤵
- Executes dropped EXE
-
\??\c:\dvbllxh.exec:\dvbllxh.exe46⤵
- Executes dropped EXE
-
\??\c:\fdbnrlj.exec:\fdbnrlj.exe47⤵
- Executes dropped EXE
-
\??\c:\drvfh.exec:\drvfh.exe48⤵
- Executes dropped EXE
-
\??\c:\rjhbjb.exec:\rjhbjb.exe49⤵
- Executes dropped EXE
-
\??\c:\ldjrx.exec:\ldjrx.exe50⤵
- Executes dropped EXE
-
\??\c:\brdvpl.exec:\brdvpl.exe51⤵
- Executes dropped EXE
-
\??\c:\tfrvjj.exec:\tfrvjj.exe52⤵
- Executes dropped EXE
-
\??\c:\rrfxldv.exec:\rrfxldv.exe53⤵
- Executes dropped EXE
-
\??\c:\nxvtnt.exec:\nxvtnt.exe54⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nnjtl.exec:\nnjtl.exe55⤵
- Executes dropped EXE
-
\??\c:\rxfxvdj.exec:\rxfxvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\fpdfn.exec:\fpdfn.exe57⤵
- Executes dropped EXE
-
\??\c:\fnhntf.exec:\fnhntf.exe58⤵
- Executes dropped EXE
-
\??\c:\dfnxhp.exec:\dfnxhp.exe59⤵
- Executes dropped EXE
-
\??\c:\ljvtl.exec:\ljvtl.exe60⤵
- Executes dropped EXE
-
\??\c:\xtdbbb.exec:\xtdbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\hrpjnrt.exec:\hrpjnrt.exe62⤵
- Executes dropped EXE
-
\??\c:\jbftrn.exec:\jbftrn.exe63⤵
- Executes dropped EXE
-
\??\c:\brtdtth.exec:\brtdtth.exe64⤵
- Executes dropped EXE
-
\??\c:\nttrjfp.exec:\nttrjfp.exe65⤵
- Executes dropped EXE
-
\??\c:\dvnxddt.exec:\dvnxddt.exe66⤵
-
\??\c:\jptfd.exec:\jptfd.exe67⤵
-
\??\c:\lnlhh.exec:\lnlhh.exe68⤵
-
\??\c:\trrbf.exec:\trrbf.exe69⤵
-
\??\c:\dlvxt.exec:\dlvxt.exe70⤵
-
\??\c:\ppxfptl.exec:\ppxfptl.exe71⤵
-
\??\c:\fllnbf.exec:\fllnbf.exe72⤵
-
\??\c:\ptdrx.exec:\ptdrx.exe73⤵
-
\??\c:\dvvhn.exec:\dvvhn.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dffrfhx.exec:\dffrfhx.exe75⤵
-
\??\c:\dfpjdjb.exec:\dfpjdjb.exe76⤵
-
\??\c:\nhjjxd.exec:\nhjjxd.exe77⤵
-
\??\c:\fjjjpr.exec:\fjjjpr.exe78⤵
-
\??\c:\ddrxbnx.exec:\ddrxbnx.exe79⤵
-
\??\c:\vlrbp.exec:\vlrbp.exe80⤵
-
\??\c:\ldxnlfh.exec:\ldxnlfh.exe81⤵
-
\??\c:\vdrlh.exec:\vdrlh.exe82⤵
-
\??\c:\xrnrnr.exec:\xrnrnr.exe83⤵
-
\??\c:\bfjfr.exec:\bfjfr.exe84⤵
-
\??\c:\hlpfdlp.exec:\hlpfdlp.exe85⤵
-
\??\c:\xprfr.exec:\xprfr.exe86⤵
-
\??\c:\bfxrpbx.exec:\bfxrpbx.exe87⤵
-
\??\c:\lhfdj.exec:\lhfdj.exe88⤵
-
\??\c:\nxjxbjt.exec:\nxjxbjt.exe89⤵
-
\??\c:\hthph.exec:\hthph.exe90⤵
-
\??\c:\jjnpfnh.exec:\jjnpfnh.exe91⤵
-
\??\c:\ltxrvhb.exec:\ltxrvhb.exe92⤵
-
\??\c:\jlfntl.exec:\jlfntl.exe93⤵
-
\??\c:\xbbpvv.exec:\xbbpvv.exe94⤵
-
\??\c:\nhfhb.exec:\nhfhb.exe95⤵
-
\??\c:\dfxvr.exec:\dfxvr.exe96⤵
-
\??\c:\lhrvhd.exec:\lhrvhd.exe97⤵
-
\??\c:\dhvrdr.exec:\dhvrdr.exe98⤵
-
\??\c:\pdnfrj.exec:\pdnfrj.exe99⤵
-
\??\c:\rfhxnnl.exec:\rfhxnnl.exe100⤵
-
\??\c:\tlrtp.exec:\tlrtp.exe101⤵
-
\??\c:\jptdpvl.exec:\jptdpvl.exe102⤵
-
\??\c:\dxfpbld.exec:\dxfpbld.exe103⤵
-
\??\c:\lrrxhfb.exec:\lrrxhfb.exe104⤵
-
\??\c:\rnhtb.exec:\rnhtb.exe105⤵
-
\??\c:\rffplx.exec:\rffplx.exe106⤵
-
\??\c:\jvnvvvf.exec:\jvnvvvf.exe107⤵
-
\??\c:\lrfjlnt.exec:\lrfjlnt.exe108⤵
-
\??\c:\tdvprnt.exec:\tdvprnt.exe109⤵
-
\??\c:\fjdddjj.exec:\fjdddjj.exe110⤵
-
\??\c:\rbhdxtr.exec:\rbhdxtr.exe111⤵
-
\??\c:\ffppv.exec:\ffppv.exe112⤵
-
\??\c:\xfbvx.exec:\xfbvx.exe113⤵
-
\??\c:\jxbjtjb.exec:\jxbjtjb.exe114⤵
-
\??\c:\hjvtv.exec:\hjvtv.exe115⤵
-
\??\c:\hpfhdn.exec:\hpfhdn.exe116⤵
-
\??\c:\bxxpvp.exec:\bxxpvp.exe117⤵
-
\??\c:\brpdn.exec:\brpdn.exe118⤵
-
\??\c:\xjndf.exec:\xjndf.exe119⤵
-
\??\c:\vfvtbf.exec:\vfvtbf.exe120⤵
-
\??\c:\vjjhxf.exec:\vjjhxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-