Analysis
-
max time kernel
150s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 05:40
General
-
Target
df324d02b40aef84514fb392461371048629d46ecf7c670f4580c4dca866f2c4.exe
-
Size
71KB
-
MD5
1e4ab4d42921fb71305c3bc0e966f7bf
-
SHA1
8759e87fbd6a17ed2c4ced288e48842d28213b38
-
SHA256
df324d02b40aef84514fb392461371048629d46ecf7c670f4580c4dca866f2c4
-
SHA512
d55b46061f9fbc56ee4c5e17c4998ff222dc4ce1e1f60568c11b97bbab44ac1ca877580c7a90b402feb51f713dfe8ea72668c8232daf81d8ae2db11b3202312a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+q8l45CmK:ymb3NkkiQ3mdBjFIj+q8lL
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\df324d02b40aef84514fb392461371048629d46ecf7c670f4580c4dca866f2c4.exe"C:\Users\Admin\AppData\Local\Temp\df324d02b40aef84514fb392461371048629d46ecf7c670f4580c4dca866f2c4.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntnb.exec:\hbntnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lllffx.exec:\1lllffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnt.exec:\bhttnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjj.exec:\ppdjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlrrx.exec:\llrlrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthn.exec:\btbthn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjj.exec:\vjdjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlllr.exec:\frxlllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhtt.exec:\ntnhtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxxxr.exec:\xfxxxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhnn.exec:\nthhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjv.exec:\jdjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbtt.exec:\nbtbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhnt.exec:\ttbhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dddd.exec:\3dddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxff.exec:\rrrrxff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrlfl.exec:\frrrlfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbbh.exec:\nntbbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrrr.exec:\rffxrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffxrf.exec:\rxffxrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxr.exec:\rflfxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe24⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe25⤵
- Executes dropped EXE
-
\??\c:\5rxrlrl.exec:\5rxrlrl.exe26⤵
- Executes dropped EXE
-
\??\c:\lxlrrfl.exec:\lxlrrfl.exe27⤵
- Executes dropped EXE
-
\??\c:\hbhtbt.exec:\hbhtbt.exe28⤵
- Executes dropped EXE
-
\??\c:\xlffrxx.exec:\xlffrxx.exe29⤵
- Executes dropped EXE
-
\??\c:\lrrrrrl.exec:\lrrrrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\nnnnhn.exec:\nnnnhn.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe32⤵
- Executes dropped EXE
-
\??\c:\9flllll.exec:\9flllll.exe33⤵
- Executes dropped EXE
-
\??\c:\tbbbbb.exec:\tbbbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe36⤵
- Executes dropped EXE
-
\??\c:\tbbhnh.exec:\tbbhnh.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\rrffxfr.exec:\rrffxfr.exe39⤵
- Executes dropped EXE
-
\??\c:\nhnthh.exec:\nhnthh.exe40⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe41⤵
- Executes dropped EXE
-
\??\c:\lrfxlfx.exec:\lrfxlfx.exe42⤵
- Executes dropped EXE
-
\??\c:\bhhbbb.exec:\bhhbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\7jpdv.exec:\7jpdv.exe44⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rxffxxx.exec:\rxffxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\thbbbb.exec:\thbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\xxxxrxx.exec:\xxxxrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\frlflxx.exec:\frlflxx.exe50⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe51⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe52⤵
- Executes dropped EXE
-
\??\c:\xrfxxrr.exec:\xrfxxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\3nnnhh.exec:\3nnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe55⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe56⤵
- Executes dropped EXE
-
\??\c:\7vjdv.exec:\7vjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\xlllffr.exec:\xlllffr.exe58⤵
- Executes dropped EXE
-
\??\c:\tbhthh.exec:\tbhthh.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe60⤵
- Executes dropped EXE
-
\??\c:\ffffxrl.exec:\ffffxrl.exe61⤵
- Executes dropped EXE
-
\??\c:\5rrxxff.exec:\5rrxxff.exe62⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\9ddvv.exec:\9ddvv.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxrrrf.exec:\xxxrrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\rrrxfxx.exec:\rrrxfxx.exe66⤵
-
\??\c:\1bhhnb.exec:\1bhhnb.exe67⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe68⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe69⤵
-
\??\c:\lfrxxlr.exec:\lfrxxlr.exe70⤵
-
\??\c:\3nbthn.exec:\3nbthn.exe71⤵
-
\??\c:\bhbhnn.exec:\bhbhnn.exe72⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe73⤵
-
\??\c:\lrfflrr.exec:\lrfflrr.exe74⤵
-
\??\c:\1xxfffx.exec:\1xxfffx.exe75⤵
-
\??\c:\5tthbh.exec:\5tthbh.exe76⤵
-
\??\c:\5dpvp.exec:\5dpvp.exe77⤵
-
\??\c:\rlrrfll.exec:\rlrrfll.exe78⤵
-
\??\c:\5frrlrr.exec:\5frrlrr.exe79⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe80⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe81⤵
-
\??\c:\jjppp.exec:\jjppp.exe82⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe83⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe84⤵
-
\??\c:\bhnttn.exec:\bhnttn.exe85⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe86⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe87⤵
-
\??\c:\llxxlrx.exec:\llxxlrx.exe88⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe89⤵
-
\??\c:\htnhht.exec:\htnhht.exe90⤵
-
\??\c:\djddv.exec:\djddv.exe91⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe92⤵
-
\??\c:\rllrxff.exec:\rllrxff.exe93⤵
-
\??\c:\jjppp.exec:\jjppp.exe94⤵
-
\??\c:\xxrrrxr.exec:\xxrrrxr.exe95⤵
-
\??\c:\tthbbn.exec:\tthbbn.exe96⤵
-
\??\c:\tbntnt.exec:\tbntnt.exe97⤵
-
\??\c:\pdppv.exec:\pdppv.exe98⤵
-
\??\c:\ffrrxll.exec:\ffrrxll.exe99⤵
-
\??\c:\bnntnt.exec:\bnntnt.exe100⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe101⤵
-
\??\c:\xfxffxr.exec:\xfxffxr.exe102⤵
-
\??\c:\hhthnh.exec:\hhthnh.exe103⤵
-
\??\c:\9bhhnh.exec:\9bhhnh.exe104⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe105⤵
-
\??\c:\1rfllxr.exec:\1rfllxr.exe106⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe107⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe108⤵
-
\??\c:\xfrfrfr.exec:\xfrfrfr.exe109⤵
-
\??\c:\nhnbbh.exec:\nhnbbh.exe110⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe111⤵
-
\??\c:\3vjjd.exec:\3vjjd.exe112⤵
-
\??\c:\rfxxrxx.exec:\rfxxrxx.exe113⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe114⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe115⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe116⤵
-
\??\c:\xxrxflx.exec:\xxrxflx.exe117⤵
-
\??\c:\ntnhht.exec:\ntnhht.exe118⤵
-
\??\c:\9hntbh.exec:\9hntbh.exe119⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe120⤵
-
\??\c:\9frxfll.exec:\9frxfll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-