Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24-11-2024 01:37
General
-
Target
9eb5cea4d87deffe920c70c2e20717185aaf17a9e7ac539103163a4fc8dabee1.exe
-
Size
75KB
-
MD5
6a80c71d4bf36bba3919b38458520207
-
SHA1
26ef483b9d94886f83d3e932a1133748acca31d7
-
SHA256
9eb5cea4d87deffe920c70c2e20717185aaf17a9e7ac539103163a4fc8dabee1
-
SHA512
06745695ee55a1ed775a892841fdc547398d025872b4397e05d23d6082e459845f3295465418b2e9340edc60ca1c5d59990fd5c8bb75654e2d56966c19278654
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmsh:ymb3NkkiQ3mdBjFIvl358nLA89OMFVH/
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9eb5cea4d87deffe920c70c2e20717185aaf17a9e7ac539103163a4fc8dabee1.exe"C:\Users\Admin\AppData\Local\Temp\9eb5cea4d87deffe920c70c2e20717185aaf17a9e7ac539103163a4fc8dabee1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frxllfr.exec:\frxllfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnn.exec:\nhbtnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnhhh.exec:\7tnhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvp.exec:\pdjvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrllf.exec:\fxxrllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtbn.exec:\hhhtbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrfxrr.exec:\3xrfxrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllflf.exec:\rlllflf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnhh.exec:\tbnnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvv.exec:\vjjvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlrfl.exec:\frxlrfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnth.exec:\hthnth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxrrf.exec:\rrlxrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffl.exec:\rlxxffl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhbb.exec:\nhbhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvj.exec:\5pdvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrffrfr.exec:\lrffrfr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhh.exec:\thnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbbn.exec:\hntbbn.exe23⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe24⤵
- Executes dropped EXE
-
\??\c:\rrxxxrl.exec:\rrxxxrl.exe25⤵
- Executes dropped EXE
-
\??\c:\7hbbbb.exec:\7hbbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe27⤵
- Executes dropped EXE
-
\??\c:\xrfrrrr.exec:\xrfrrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\7djjv.exec:\7djjv.exe30⤵
- Executes dropped EXE
-
\??\c:\1fllxrl.exec:\1fllxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\bnbbnb.exec:\bnbbnb.exe32⤵
- Executes dropped EXE
-
\??\c:\thnnbn.exec:\thnnbn.exe33⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrxxff.exec:\lfrxxff.exe35⤵
- Executes dropped EXE
-
\??\c:\ntthbn.exec:\ntthbn.exe36⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\3xffxfl.exec:\3xffxfl.exe39⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\ttbttn.exec:\ttbttn.exe41⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe42⤵
- Executes dropped EXE
-
\??\c:\frfrfrf.exec:\frfrfrf.exe43⤵
- Executes dropped EXE
-
\??\c:\ththtt.exec:\ththtt.exe44⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe45⤵
- Executes dropped EXE
-
\??\c:\3lxxxxf.exec:\3lxxxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\hnttnn.exec:\hnttnn.exe47⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe48⤵
- Executes dropped EXE
-
\??\c:\3vjjd.exec:\3vjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\xxffflr.exec:\xxffflr.exe50⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rllfxxr.exec:\rllfxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\thhntt.exec:\thhntt.exe53⤵
- Executes dropped EXE
-
\??\c:\3hhhhh.exec:\3hhhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\5pddp.exec:\5pddp.exe55⤵
- Executes dropped EXE
-
\??\c:\lrrrrxx.exec:\lrrrrxx.exe56⤵
- Executes dropped EXE
-
\??\c:\hnntbt.exec:\hnntbt.exe57⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\7rxrflf.exec:\7rxrflf.exe59⤵
- Executes dropped EXE
-
\??\c:\bthnnn.exec:\bthnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\bhnnnb.exec:\bhnnnb.exe61⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe62⤵
- Executes dropped EXE
-
\??\c:\lllfrfl.exec:\lllfrfl.exe63⤵
- Executes dropped EXE
-
\??\c:\rlrrrfr.exec:\rlrrrfr.exe64⤵
- Executes dropped EXE
-
\??\c:\ttnhnn.exec:\ttnhnn.exe65⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe66⤵
-
\??\c:\vddjv.exec:\vddjv.exe67⤵
-
\??\c:\5xffrll.exec:\5xffrll.exe68⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe69⤵
-
\??\c:\bbbnnb.exec:\bbbnnb.exe70⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe71⤵
-
\??\c:\xfllxlf.exec:\xfllxlf.exe72⤵
-
\??\c:\fxxxlfr.exec:\fxxxlfr.exe73⤵
-
\??\c:\htbthh.exec:\htbthh.exe74⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe75⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe76⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe77⤵
-
\??\c:\flfrllf.exec:\flfrllf.exe78⤵
-
\??\c:\5nbtbt.exec:\5nbtbt.exe79⤵
-
\??\c:\bttntt.exec:\bttntt.exe80⤵
-
\??\c:\btbthb.exec:\btbthb.exe81⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe82⤵
-
\??\c:\3xxrffx.exec:\3xxrffx.exe83⤵
-
\??\c:\rxflffx.exec:\rxflffx.exe84⤵
-
\??\c:\btbbth.exec:\btbbth.exe85⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe86⤵
-
\??\c:\fxfxflr.exec:\fxfxflr.exe87⤵
-
\??\c:\1bhhnn.exec:\1bhhnn.exe88⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe89⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe90⤵
-
\??\c:\rffxfrl.exec:\rffxfrl.exe91⤵
-
\??\c:\frlxfll.exec:\frlxfll.exe92⤵
-
\??\c:\5ntbhb.exec:\5ntbhb.exe93⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe94⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe95⤵
-
\??\c:\5rrfxfx.exec:\5rrfxfx.exe96⤵
-
\??\c:\xxxllrr.exec:\xxxllrr.exe97⤵
-
\??\c:\3htbtn.exec:\3htbtn.exe98⤵
-
\??\c:\jjppj.exec:\jjppj.exe99⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe100⤵
-
\??\c:\1frfrrl.exec:\1frfrrl.exe101⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe102⤵
-
\??\c:\vjppp.exec:\vjppp.exe103⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe104⤵
-
\??\c:\9frrxlf.exec:\9frrxlf.exe105⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe106⤵
-
\??\c:\1btnht.exec:\1btnht.exe107⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe108⤵
-
\??\c:\bhhbbn.exec:\bhhbbn.exe109⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe110⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe111⤵
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe112⤵
-
\??\c:\tbttbt.exec:\tbttbt.exe113⤵
-
\??\c:\bnnbnn.exec:\bnnbnn.exe114⤵
-
\??\c:\pddvp.exec:\pddvp.exe115⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe116⤵
-
\??\c:\1flfrll.exec:\1flfrll.exe117⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe118⤵
-
\??\c:\thnttt.exec:\thnttt.exe119⤵
-
\??\c:\7djjd.exec:\7djjd.exe120⤵
-
\??\c:\flxxrff.exec:\flxxrff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-