Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 06:26
General
-
Target
05e8e031d4f5fcf02c1c6a1f8f823d67271b3f36e3e091f147cd53c87ac015b1N.exe
-
Size
283KB
-
MD5
5fa29f749455d87eaebdf09837c124a0
-
SHA1
9f5102b3280a473e0d2cbd004e801471d026511b
-
SHA256
05e8e031d4f5fcf02c1c6a1f8f823d67271b3f36e3e091f147cd53c87ac015b1
-
SHA512
f484bdb38c489286485e5f2749deb685e20c5eefcb91608b0d4074c5658a91f3c0c74aa4c6c25a8558fe47f1b2de52506c91f6b20b375c0e74669795210811c7
-
SSDEEP
6144:7cm4FmowdHoSoXSBcm4Vcm4FmowdHoSphra+cm4FMhraHcpOaKHpz:B4wFHoSoXW434wFHoS3eg4aeFaKHpz
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05e8e031d4f5fcf02c1c6a1f8f823d67271b3f36e3e091f147cd53c87ac015b1N.exe"C:\Users\Admin\AppData\Local\Temp\05e8e031d4f5fcf02c1c6a1f8f823d67271b3f36e3e091f147cd53c87ac015b1N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbt.exec:\bbthbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btbth.exec:\3btbth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjv.exec:\ppvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbbt.exec:\nbnbbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtnh.exec:\thhtnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvj.exec:\ddjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjv.exec:\vpvjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffffl.exec:\llffffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthhn.exec:\tnthhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjp.exec:\djpjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlffx.exec:\7lrlffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbb.exec:\hhtnbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhnh.exec:\hhbhnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllrrf.exec:\xfllrrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrrlll.exec:\7xrrlll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbt.exec:\hbbbbt.exe23⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\1pvvp.exec:\1pvvp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxfffff.exec:\fxfffff.exe26⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\hhbhbn.exec:\hhbhbn.exe28⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe29⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\1xlffff.exec:\1xlffff.exe31⤵
- Executes dropped EXE
-
\??\c:\ffxflrx.exec:\ffxflrx.exe32⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe33⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe35⤵
- Executes dropped EXE
-
\??\c:\rfrxxxx.exec:\rfrxxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\9lrfflr.exec:\9lrfflr.exe37⤵
- Executes dropped EXE
-
\??\c:\hthnhn.exec:\hthnhn.exe38⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe39⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\1xfxffl.exec:\1xfxffl.exe41⤵
- Executes dropped EXE
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe43⤵
- Executes dropped EXE
-
\??\c:\nntntt.exec:\nntntt.exe44⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\7frlxfx.exec:\7frlxfx.exe47⤵
- Executes dropped EXE
-
\??\c:\hhhhtt.exec:\hhhhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\djjvv.exec:\djjvv.exe49⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe50⤵
- Executes dropped EXE
-
\??\c:\lflfxrl.exec:\lflfxrl.exe51⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe52⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe54⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe55⤵
- Executes dropped EXE
-
\??\c:\3xlflfl.exec:\3xlflfl.exe56⤵
- Executes dropped EXE
-
\??\c:\5lfxrxr.exec:\5lfxrxr.exe57⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe59⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\fffxrrx.exec:\fffxrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\5lxxrxr.exec:\5lxxrxr.exe62⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe64⤵
- Executes dropped EXE
-
\??\c:\jjvdd.exec:\jjvdd.exe65⤵
- Executes dropped EXE
-
\??\c:\rrffrrx.exec:\rrffrrx.exe66⤵
-
\??\c:\xrffxxx.exec:\xrffxxx.exe67⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe68⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe69⤵
-
\??\c:\dddvp.exec:\dddvp.exe70⤵
-
\??\c:\9lrlffx.exec:\9lrlffx.exe71⤵
-
\??\c:\5bhhbb.exec:\5bhhbb.exe72⤵
-
\??\c:\3dppj.exec:\3dppj.exe73⤵
-
\??\c:\djvpj.exec:\djvpj.exe74⤵
-
\??\c:\5lrlfff.exec:\5lrlfff.exe75⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe76⤵
-
\??\c:\7nttnn.exec:\7nttnn.exe77⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe78⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe79⤵
-
\??\c:\nhtnht.exec:\nhtnht.exe80⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe81⤵
-
\??\c:\rrrlfll.exec:\rrrlfll.exe82⤵
-
\??\c:\ddddv.exec:\ddddv.exe83⤵
-
\??\c:\9xffrxr.exec:\9xffrxr.exe84⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe85⤵
-
\??\c:\5xrlllf.exec:\5xrlllf.exe86⤵
-
\??\c:\9bhhbn.exec:\9bhhbn.exe87⤵
-
\??\c:\djdvv.exec:\djdvv.exe88⤵
-
\??\c:\3fxrfxl.exec:\3fxrfxl.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tbtbhb.exec:\tbtbhb.exe90⤵
-
\??\c:\3pvdp.exec:\3pvdp.exe91⤵
-
\??\c:\ffflrrx.exec:\ffflrrx.exe92⤵
-
\??\c:\7jjvp.exec:\7jjvp.exe93⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe94⤵
-
\??\c:\hnthtt.exec:\hnthtt.exe95⤵
-
\??\c:\hhbnhb.exec:\hhbnhb.exe96⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe97⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe98⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe99⤵
-
\??\c:\llfxllx.exec:\llfxllx.exe100⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe101⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe102⤵
-
\??\c:\xffxxrl.exec:\xffxxrl.exe103⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe104⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe105⤵
-
\??\c:\jjddv.exec:\jjddv.exe106⤵
-
\??\c:\rllxxrx.exec:\rllxxrx.exe107⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe108⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe109⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jpvdp.exec:\jpvdp.exe110⤵
-
\??\c:\fxxrflf.exec:\fxxrflf.exe111⤵
-
\??\c:\llrrllf.exec:\llrrllf.exe112⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe113⤵
-
\??\c:\lflxxrr.exec:\lflxxrr.exe114⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe115⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe116⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe117⤵
-
\??\c:\lxxrrxr.exec:\lxxrrxr.exe118⤵
-
\??\c:\btthnh.exec:\btthnh.exe119⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe120⤵
-
\??\c:\jvddv.exec:\jvddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-