Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24-11-2024 22:05
General
-
Target
434fc72e67530a0fe6da3e63c573b98738a22b5e0bdb74f5c8bfc5a9b2cb7082.exe
-
Size
61KB
-
MD5
ef15a5957777dd904d6874c1b55482df
-
SHA1
5d0f450fb54c5e140c209d61f8e690af86b9e8ac
-
SHA256
434fc72e67530a0fe6da3e63c573b98738a22b5e0bdb74f5c8bfc5a9b2cb7082
-
SHA512
6d741a624dfbb77e1959f9f2cae396c50d03d3b931c8bdec227ada432ce24dbc853f799ab135cf8e910d92a9c398fb373ee3f7826d3fab809b3c84d1cf127b6c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEubL:ymb3NkkiQ3mdBjFIvIFaE6
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\434fc72e67530a0fe6da3e63c573b98738a22b5e0bdb74f5c8bfc5a9b2cb7082.exe"C:\Users\Admin\AppData\Local\Temp\434fc72e67530a0fe6da3e63c573b98738a22b5e0bdb74f5c8bfc5a9b2cb7082.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhhb.exec:\hbbhhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjj.exec:\jddjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxr.exec:\lfffxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxxrrl.exec:\5rxxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhhbh.exec:\5bhhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpd.exec:\jpvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrxx.exec:\lxfxrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfxrff.exec:\5rfxrff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbbtt.exec:\5nbbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppd.exec:\jjppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrllxr.exec:\rlrllxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thbtt.exec:\9thbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhh.exec:\nhtnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppv.exec:\jjppv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrrr.exec:\fffxrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrrrl.exec:\3rxrrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnhn.exec:\hhnnhn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdj.exec:\jdjdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbbh.exec:\tbtbbh.exe23⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe24⤵
- Executes dropped EXE
-
\??\c:\bbntbb.exec:\bbntbb.exe25⤵
- Executes dropped EXE
-
\??\c:\tnhnnh.exec:\tnhnnh.exe26⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe28⤵
- Executes dropped EXE
-
\??\c:\lllfrrr.exec:\lllfrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\lrrlfff.exec:\lrrlfff.exe30⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\5flfxxr.exec:\5flfxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe37⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\fxrlfff.exec:\fxrlfff.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbbbt.exec:\bbbbbt.exe40⤵
- Executes dropped EXE
-
\??\c:\bbhbnb.exec:\bbhbnb.exe41⤵
- Executes dropped EXE
-
\??\c:\9tbbtt.exec:\9tbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\lllfxfx.exec:\lllfxfx.exe45⤵
- Executes dropped EXE
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\3thbhh.exec:\3thbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\nntnbb.exec:\nntnbb.exe48⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe50⤵
- Executes dropped EXE
-
\??\c:\1pdvj.exec:\1pdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\7xlfllr.exec:\7xlfllr.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxxrxx.exec:\ffxxrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\3nttnn.exec:\3nttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\5pvpj.exec:\5pvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe58⤵
- Executes dropped EXE
-
\??\c:\pddpp.exec:\pddpp.exe59⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\rrlxflx.exec:\rrlxflx.exe61⤵
- Executes dropped EXE
-
\??\c:\rxffxxr.exec:\rxffxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\ttbttt.exec:\ttbttt.exe63⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\frrlrrr.exec:\frrlrrr.exe66⤵
-
\??\c:\rlxlllx.exec:\rlxlllx.exe67⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe68⤵
-
\??\c:\5htnnh.exec:\5htnnh.exe69⤵
-
\??\c:\vppjd.exec:\vppjd.exe70⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe71⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe72⤵
-
\??\c:\5hnhhh.exec:\5hnhhh.exe73⤵
-
\??\c:\9hhtbb.exec:\9hhtbb.exe74⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe75⤵
-
\??\c:\pdppv.exec:\pdppv.exe76⤵
-
\??\c:\5xxrlxx.exec:\5xxrlxx.exe77⤵
-
\??\c:\1bnhtt.exec:\1bnhtt.exe78⤵
-
\??\c:\7nnnbh.exec:\7nnnbh.exe79⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe80⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe81⤵
-
\??\c:\5xfxxxf.exec:\5xfxxxf.exe82⤵
-
\??\c:\tntntn.exec:\tntntn.exe83⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe84⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe85⤵
-
\??\c:\xrrlfll.exec:\xrrlfll.exe86⤵
-
\??\c:\lffrllx.exec:\lffrllx.exe87⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe88⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe89⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe90⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe91⤵
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe92⤵
-
\??\c:\9xflrrf.exec:\9xflrrf.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7hhhhh.exec:\7hhhhh.exe94⤵
-
\??\c:\9nhbbh.exec:\9nhbbh.exe95⤵
-
\??\c:\3xfxlrl.exec:\3xfxlrl.exe96⤵
-
\??\c:\5hhbhh.exec:\5hhbhh.exe97⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe98⤵
-
\??\c:\7vpjd.exec:\7vpjd.exe99⤵
-
\??\c:\9djdp.exec:\9djdp.exe100⤵
-
\??\c:\dppjd.exec:\dppjd.exe101⤵
-
\??\c:\fflfrrr.exec:\fflfrrr.exe102⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe103⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe104⤵
-
\??\c:\nbthnn.exec:\nbthnn.exe105⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe106⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe107⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe108⤵
-
\??\c:\btttnn.exec:\btttnn.exe109⤵
-
\??\c:\3tbbtt.exec:\3tbbtt.exe110⤵
-
\??\c:\hnthth.exec:\hnthth.exe111⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe112⤵
-
\??\c:\rxrrffl.exec:\rxrrffl.exe113⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe114⤵
-
\??\c:\9hnntn.exec:\9hnntn.exe115⤵
-
\??\c:\tttbnb.exec:\tttbnb.exe116⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe117⤵
-
\??\c:\pjddj.exec:\pjddj.exe118⤵
-
\??\c:\frlfxxx.exec:\frlfxxx.exe119⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe120⤵
-
\??\c:\nbbhtn.exec:\nbbhtn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-