Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-11-2024 21:12
General
-
Target
30e9c6b33b971b438c0b3db5ea0964fc7d1cab9c2131294e18591b5540b38aa0.exe
-
Size
332KB
-
MD5
c627dddffa7434e42384fbb2b307622c
-
SHA1
526fd0d28ae693bd9813ebbed46a5bfe297efac1
-
SHA256
30e9c6b33b971b438c0b3db5ea0964fc7d1cab9c2131294e18591b5540b38aa0
-
SHA512
3eb5903d056bddfdaf2e1dc693137b1b17bdd7401f0df856da09403aeb19ded80cd3aaa145369e3f7bb0a193d608cd58d70508cfd7c2eabc2e902a32dab720f6
-
SSDEEP
6144:3cm7ImGddXsJdJIjaRleL42bL37BoTPkhu9gX5yGsTshQc8R0nxA5ij8+RC7tPhP:F7Tc8JdSjylh2b77BoTMA9gX59sTsuTf
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\30e9c6b33b971b438c0b3db5ea0964fc7d1cab9c2131294e18591b5540b38aa0.exe"C:\Users\Admin\AppData\Local\Temp\30e9c6b33b971b438c0b3db5ea0964fc7d1cab9c2131294e18591b5540b38aa0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbb.exec:\btntbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpjp.exec:\5dpjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xffrxx.exec:\9xffrxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnntt.exec:\thnntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjpv.exec:\1vjpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdjp.exec:\3pdjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdp.exec:\jjpdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjv.exec:\pvjjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbb.exec:\tthnbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frlflr.exec:\7frlflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bttbh.exec:\1bttbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlrf.exec:\lfxrlrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe17⤵
- Executes dropped EXE
-
\??\c:\llllrfr.exec:\llllrfr.exe18⤵
- Executes dropped EXE
-
\??\c:\9vpjd.exec:\9vpjd.exe19⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe20⤵
- Executes dropped EXE
-
\??\c:\5httbt.exec:\5httbt.exe21⤵
- Executes dropped EXE
-
\??\c:\5thbht.exec:\5thbht.exe22⤵
- Executes dropped EXE
-
\??\c:\frflxxl.exec:\frflxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\bbtthh.exec:\bbtthh.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe25⤵
- Executes dropped EXE
-
\??\c:\5fxfrxl.exec:\5fxfrxl.exe26⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe27⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe28⤵
- Executes dropped EXE
-
\??\c:\tnntbn.exec:\tnntbn.exe29⤵
- Executes dropped EXE
-
\??\c:\7dppp.exec:\7dppp.exe30⤵
- Executes dropped EXE
-
\??\c:\frllrrx.exec:\frllrrx.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnbtt.exec:\hbnbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\ffrfffl.exec:\ffrfffl.exe33⤵
- Executes dropped EXE
-
\??\c:\xrflrxf.exec:\xrflrxf.exe34⤵
- Executes dropped EXE
-
\??\c:\btntnn.exec:\btntnn.exe35⤵
- Executes dropped EXE
-
\??\c:\7jvpv.exec:\7jvpv.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxxxfr.exec:\rlxxxfr.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe38⤵
- Executes dropped EXE
-
\??\c:\7vdjj.exec:\7vdjj.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\7jjpv.exec:\7jjpv.exe40⤵
- Executes dropped EXE
-
\??\c:\3lfxffl.exec:\3lfxffl.exe41⤵
- Executes dropped EXE
-
\??\c:\5htttt.exec:\5htttt.exe42⤵
- Executes dropped EXE
-
\??\c:\btbbnh.exec:\btbbnh.exe43⤵
- Executes dropped EXE
-
\??\c:\7jppp.exec:\7jppp.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhttbh.exec:\nhttbh.exe48⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe49⤵
- Executes dropped EXE
-
\??\c:\7xfrfxf.exec:\7xfrfxf.exe50⤵
- Executes dropped EXE
-
\??\c:\1xrxrxf.exec:\1xrxrxf.exe51⤵
- Executes dropped EXE
-
\??\c:\bnbtbb.exec:\bnbtbb.exe52⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe54⤵
- Executes dropped EXE
-
\??\c:\5frfxxl.exec:\5frfxxl.exe55⤵
- Executes dropped EXE
-
\??\c:\1bhnnt.exec:\1bhnnt.exe56⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe57⤵
- Executes dropped EXE
-
\??\c:\5dvvd.exec:\5dvvd.exe58⤵
- Executes dropped EXE
-
\??\c:\1flrffr.exec:\1flrffr.exe59⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe60⤵
- Executes dropped EXE
-
\??\c:\ttbbtt.exec:\ttbbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\3vpjd.exec:\3vpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\7xflllr.exec:\7xflllr.exe63⤵
- Executes dropped EXE
-
\??\c:\7fxfrxf.exec:\7fxfrxf.exe64⤵
- Executes dropped EXE
-
\??\c:\1tntnn.exec:\1tntnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe66⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe67⤵
-
\??\c:\xrflffl.exec:\xrflffl.exe68⤵
-
\??\c:\lxfllrx.exec:\lxfllrx.exe69⤵
-
\??\c:\tntnbh.exec:\tntnbh.exe70⤵
-
\??\c:\jddpd.exec:\jddpd.exe71⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe72⤵
-
\??\c:\xrxxflf.exec:\xrxxflf.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tthnbh.exec:\tthnbh.exe74⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe75⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe76⤵
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe77⤵
-
\??\c:\fxfxffl.exec:\fxfxffl.exe78⤵
-
\??\c:\bntbbn.exec:\bntbbn.exe79⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe80⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe81⤵
-
\??\c:\3rrfrrx.exec:\3rrfrrx.exe82⤵
-
\??\c:\3nbnbb.exec:\3nbnbb.exe83⤵
-
\??\c:\hthntn.exec:\hthntn.exe84⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe85⤵
-
\??\c:\fxrrflx.exec:\fxrrflx.exe86⤵
-
\??\c:\xlllrlr.exec:\xlllrlr.exe87⤵
-
\??\c:\ttntbt.exec:\ttntbt.exe88⤵
-
\??\c:\pppvd.exec:\pppvd.exe89⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe90⤵
-
\??\c:\xrlrxlr.exec:\xrlrxlr.exe91⤵
-
\??\c:\bbtnnt.exec:\bbtnnt.exe92⤵
-
\??\c:\1tnntt.exec:\1tnntt.exe93⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe94⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe95⤵
-
\??\c:\frxxfxr.exec:\frxxfxr.exe96⤵
-
\??\c:\9btbnn.exec:\9btbnn.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vddpv.exec:\vddpv.exe98⤵
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe99⤵
-
\??\c:\ffrxllx.exec:\ffrxllx.exe100⤵
-
\??\c:\5bnnnn.exec:\5bnnnn.exe101⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe102⤵
-
\??\c:\9xrxllx.exec:\9xrxllx.exe103⤵
-
\??\c:\fxrxflx.exec:\fxrxflx.exe104⤵
-
\??\c:\7bnnbh.exec:\7bnnbh.exe105⤵
-
\??\c:\vpddp.exec:\vpddp.exe106⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe107⤵
-
\??\c:\7rfxxfr.exec:\7rfxxfr.exe108⤵
-
\??\c:\5nhntt.exec:\5nhntt.exe109⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe110⤵
-
\??\c:\5ddjv.exec:\5ddjv.exe111⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe112⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe113⤵
-
\??\c:\tbthtb.exec:\tbthtb.exe114⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe115⤵
-
\??\c:\rffrflr.exec:\rffrflr.exe116⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe117⤵
-
\??\c:\thnbtb.exec:\thnbtb.exe118⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe119⤵
-
\??\c:\3xllrxl.exec:\3xllrxl.exe120⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-