Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 19:58
General
-
Target
695df4f9eb709628fbaff8fde466997c6373d3efd15bb683bc580d8d60421f15.exe
-
Size
49KB
-
MD5
3b9eedf4db998c4f18a0c7ce94a47e44
-
SHA1
8e68b50ae5c2f8b589727f0c9135da44646f03d8
-
SHA256
695df4f9eb709628fbaff8fde466997c6373d3efd15bb683bc580d8d60421f15
-
SHA512
173fc95204b3924949ee001675e653b40e8cafdc3ef0f9b7e5d9e870067eb55b01c6d62ec5b73ab1740733d0ba7d07a50a066fb636246c48b16ae9808e2dbcfc
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5bx7DUa:0cdpeeBSHHMHLf9Rybx7D5
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\695df4f9eb709628fbaff8fde466997c6373d3efd15bb683bc580d8d60421f15.exe"C:\Users\Admin\AppData\Local\Temp\695df4f9eb709628fbaff8fde466997c6373d3efd15bb683bc580d8d60421f15.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtbb.exec:\tbbtbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrfr.exec:\xrlrrfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnn.exec:\bbttnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjv.exec:\vvpjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtt.exec:\bbhbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnn.exec:\bnttnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdvv.exec:\3vdvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o022688.exec:\o022688.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k60660.exec:\k60660.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0060448.exec:\0060448.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\804208.exec:\804208.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8066666.exec:\8066666.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\088222.exec:\088222.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnnb.exec:\hhbnnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbtt.exec:\btnbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04002.exec:\04002.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlffx.exec:\xrrlffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k26660.exec:\k26660.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s8042.exec:\s8042.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htbtt.exec:\5htbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbh.exec:\tbhbbh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o682288.exec:\o682288.exe23⤵
- Executes dropped EXE
-
\??\c:\e20060.exec:\e20060.exe24⤵
- Executes dropped EXE
-
\??\c:\0026222.exec:\0026222.exe25⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\5nthtn.exec:\5nthtn.exe27⤵
- Executes dropped EXE
-
\??\c:\7pvpv.exec:\7pvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\828204.exec:\828204.exe30⤵
- Executes dropped EXE
-
\??\c:\7bbtnb.exec:\7bbtnb.exe31⤵
- Executes dropped EXE
-
\??\c:\ffrrxrx.exec:\ffrrxrx.exe32⤵
- Executes dropped EXE
-
\??\c:\9ffxxrr.exec:\9ffxxrr.exe33⤵
- Executes dropped EXE
-
\??\c:\q62044.exec:\q62044.exe34⤵
- Executes dropped EXE
-
\??\c:\btbtht.exec:\btbtht.exe35⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\flxrllf.exec:\flxrllf.exe37⤵
- Executes dropped EXE
-
\??\c:\i406460.exec:\i406460.exe38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1lfxxrl.exec:\1lfxxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\488204.exec:\488204.exe40⤵
- Executes dropped EXE
-
\??\c:\6060882.exec:\6060882.exe41⤵
- Executes dropped EXE
-
\??\c:\3xrfxrf.exec:\3xrfxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\9nnbtn.exec:\9nnbtn.exe43⤵
- Executes dropped EXE
-
\??\c:\hhhbnh.exec:\hhhbnh.exe44⤵
- Executes dropped EXE
-
\??\c:\80264.exec:\80264.exe45⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe46⤵
- Executes dropped EXE
-
\??\c:\6862600.exec:\6862600.exe47⤵
- Executes dropped EXE
-
\??\c:\6264286.exec:\6264286.exe48⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe49⤵
- Executes dropped EXE
-
\??\c:\26068.exec:\26068.exe50⤵
- Executes dropped EXE
-
\??\c:\thhtbn.exec:\thhtbn.exe51⤵
- Executes dropped EXE
-
\??\c:\m6824.exec:\m6824.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\040464.exec:\040464.exe54⤵
- Executes dropped EXE
-
\??\c:\480088.exec:\480088.exe55⤵
- Executes dropped EXE
-
\??\c:\20826.exec:\20826.exe56⤵
- Executes dropped EXE
-
\??\c:\lflfrlf.exec:\lflfrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe58⤵
- Executes dropped EXE
-
\??\c:\e28222.exec:\e28222.exe59⤵
- Executes dropped EXE
-
\??\c:\2460822.exec:\2460822.exe60⤵
- Executes dropped EXE
-
\??\c:\28482.exec:\28482.exe61⤵
- Executes dropped EXE
-
\??\c:\600004.exec:\600004.exe62⤵
- Executes dropped EXE
-
\??\c:\042280.exec:\042280.exe63⤵
- Executes dropped EXE
-
\??\c:\s8488.exec:\s8488.exe64⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\m0606.exec:\m0606.exe66⤵
-
\??\c:\tbtttn.exec:\tbtttn.exe67⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe68⤵
-
\??\c:\nttbbn.exec:\nttbbn.exe69⤵
-
\??\c:\9llllff.exec:\9llllff.exe70⤵
-
\??\c:\rxxllxl.exec:\rxxllxl.exe71⤵
-
\??\c:\48606.exec:\48606.exe72⤵
-
\??\c:\802862.exec:\802862.exe73⤵
-
\??\c:\q20426.exec:\q20426.exe74⤵
-
\??\c:\3ntnhn.exec:\3ntnhn.exe75⤵
-
\??\c:\6648880.exec:\6648880.exe76⤵
-
\??\c:\224620.exec:\224620.exe77⤵
-
\??\c:\o060048.exec:\o060048.exe78⤵
-
\??\c:\3nnnth.exec:\3nnnth.exe79⤵
-
\??\c:\xxffffx.exec:\xxffffx.exe80⤵
-
\??\c:\8644246.exec:\8644246.exe81⤵
-
\??\c:\200420.exec:\200420.exe82⤵
-
\??\c:\864488.exec:\864488.exe83⤵
-
\??\c:\a4608.exec:\a4608.exe84⤵
-
\??\c:\llfxffl.exec:\llfxffl.exe85⤵
-
\??\c:\tttnnb.exec:\tttnnb.exe86⤵
-
\??\c:\e46048.exec:\e46048.exe87⤵
-
\??\c:\xxxxllf.exec:\xxxxllf.exe88⤵
-
\??\c:\o600482.exec:\o600482.exe89⤵
-
\??\c:\o426660.exec:\o426660.exe90⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe91⤵
-
\??\c:\5pdvd.exec:\5pdvd.exe92⤵
-
\??\c:\q28448.exec:\q28448.exe93⤵
-
\??\c:\dppjd.exec:\dppjd.exe94⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe95⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe96⤵
-
\??\c:\7xrrrxx.exec:\7xrrrxx.exe97⤵
-
\??\c:\1xlffxr.exec:\1xlffxr.exe98⤵
-
\??\c:\5lxrllx.exec:\5lxrllx.exe99⤵
-
\??\c:\1btnhb.exec:\1btnhb.exe100⤵
-
\??\c:\xrxrffl.exec:\xrxrffl.exe101⤵
-
\??\c:\242666.exec:\242666.exe102⤵
-
\??\c:\2208660.exec:\2208660.exe103⤵
-
\??\c:\28804.exec:\28804.exe104⤵
-
\??\c:\48482.exec:\48482.exe105⤵
-
\??\c:\068822.exec:\068822.exe106⤵
-
\??\c:\w28266.exec:\w28266.exe107⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe108⤵
-
\??\c:\828204.exec:\828204.exe109⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe110⤵
-
\??\c:\240042.exec:\240042.exe111⤵
-
\??\c:\28600.exec:\28600.exe112⤵
-
\??\c:\u248044.exec:\u248044.exe113⤵
-
\??\c:\9pjdv.exec:\9pjdv.exe114⤵
-
\??\c:\260466.exec:\260466.exe115⤵
-
\??\c:\2262020.exec:\2262020.exe116⤵
-
\??\c:\82822.exec:\82822.exe117⤵
-
\??\c:\c682888.exec:\c682888.exe118⤵
-
\??\c:\m2882.exec:\m2882.exe119⤵
-
\??\c:\frfffxl.exec:\frfffxl.exe120⤵
-
\??\c:\9djjj.exec:\9djjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-