Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24/11/2024, 06:42
General
-
Target
4dbd80c8481330cf6d45c49bb4b201a4e5e903587fd94b893215e09726ba6cce.exe
-
Size
75KB
-
MD5
3b2cfa78ac01b81ef92a5aca15213f52
-
SHA1
31a8050eaa5aa43c3cb9adab4e6ec3bbf5ea778d
-
SHA256
4dbd80c8481330cf6d45c49bb4b201a4e5e903587fd94b893215e09726ba6cce
-
SHA512
df725d212f9174c192b66510349d7cd663262b71b37dc523cb1dbdd16a0f6f62b8c4fc2aa9883f6003cbd226ca62b66f104013932a7b8be99483d9a708839136
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qiImgS5ih6:ymb3NkkiQ3mdBjFIj+qiImgS5ih6
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4dbd80c8481330cf6d45c49bb4b201a4e5e903587fd94b893215e09726ba6cce.exe"C:\Users\Admin\AppData\Local\Temp\4dbd80c8481330cf6d45c49bb4b201a4e5e903587fd94b893215e09726ba6cce.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtnh.exec:\tnhtnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tthbt.exec:\5tthbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxxxx.exec:\frxxxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbhn.exec:\ttbbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrlx.exec:\xllfrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbntn.exec:\3bbntn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjpv.exec:\vjjpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnb.exec:\bbnbnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttt.exec:\thtttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjj.exec:\vjdjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjp.exec:\jddjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxlxr.exec:\9xfxlxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbtt.exec:\tbbbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhh.exec:\bbbhhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjv.exec:\vvvjv.exe23⤵
- Executes dropped EXE
-
\??\c:\ffrrxll.exec:\ffrrxll.exe24⤵
- Executes dropped EXE
-
\??\c:\flrrlrl.exec:\flrrlrl.exe25⤵
- Executes dropped EXE
-
\??\c:\nbbthh.exec:\nbbthh.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrxrxr.exec:\fxrxrxr.exe29⤵
- Executes dropped EXE
-
\??\c:\ntntht.exec:\ntntht.exe30⤵
- Executes dropped EXE
-
\??\c:\vddjv.exec:\vddjv.exe31⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe32⤵
- Executes dropped EXE
-
\??\c:\5xffffr.exec:\5xffffr.exe33⤵
- Executes dropped EXE
-
\??\c:\9nhbtn.exec:\9nhbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\rxllxlr.exec:\rxllxlr.exe37⤵
- Executes dropped EXE
-
\??\c:\ntnbtn.exec:\ntnbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\htbnhb.exec:\htbnhb.exe39⤵
- Executes dropped EXE
-
\??\c:\pvpvv.exec:\pvpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe41⤵
- Executes dropped EXE
-
\??\c:\frrlxlx.exec:\frrlxlx.exe42⤵
- Executes dropped EXE
-
\??\c:\llrrrrl.exec:\llrrrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\5bhtnh.exec:\5bhtnh.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe45⤵
- Executes dropped EXE
-
\??\c:\1jjjv.exec:\1jjjv.exe46⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe47⤵
- Executes dropped EXE
-
\??\c:\fxlrxrx.exec:\fxlrxrx.exe48⤵
- Executes dropped EXE
-
\??\c:\9nnhbn.exec:\9nnhbn.exe49⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe50⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe51⤵
- Executes dropped EXE
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\3nnbnh.exec:\3nnbnh.exe54⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe55⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\xrlxrrr.exec:\xrlxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\bnnhnh.exec:\bnnhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe59⤵
- Executes dropped EXE
-
\??\c:\3dpdv.exec:\3dpdv.exe60⤵
- Executes dropped EXE
-
\??\c:\flfxrlf.exec:\flfxrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe63⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe64⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe66⤵
-
\??\c:\xrfxlxr.exec:\xrfxlxr.exe67⤵
-
\??\c:\lxxrlfr.exec:\lxxrlfr.exe68⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe69⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe70⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe71⤵
-
\??\c:\frrxllx.exec:\frrxllx.exe72⤵
-
\??\c:\lfflfxf.exec:\lfflfxf.exe73⤵
-
\??\c:\ntnnhb.exec:\ntnnhb.exe74⤵
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe75⤵
-
\??\c:\bnnbnn.exec:\bnnbnn.exe76⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jpppd.exec:\jpppd.exe78⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe79⤵
-
\??\c:\fffxllr.exec:\fffxllr.exe80⤵
-
\??\c:\xxfxrfx.exec:\xxfxrfx.exe81⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe82⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe83⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe84⤵
-
\??\c:\xlrfrrl.exec:\xlrfrrl.exe85⤵
-
\??\c:\lxffxxr.exec:\lxffxxr.exe86⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe87⤵
-
\??\c:\thhttn.exec:\thhttn.exe88⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe89⤵
-
\??\c:\djvjd.exec:\djvjd.exe90⤵
-
\??\c:\fxxlrlr.exec:\fxxlrlr.exe91⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe92⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe93⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe94⤵
-
\??\c:\llxrllr.exec:\llxrllr.exe95⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe96⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe97⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe98⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe99⤵
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe100⤵
-
\??\c:\lflfllf.exec:\lflfllf.exe101⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe102⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe103⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe104⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe105⤵
-
\??\c:\frlfxrr.exec:\frlfxrr.exe106⤵
-
\??\c:\3nbbnn.exec:\3nbbnn.exe107⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe108⤵
-
\??\c:\1dpjv.exec:\1dpjv.exe109⤵
-
\??\c:\pppjv.exec:\pppjv.exe110⤵
-
\??\c:\xxfxxxr.exec:\xxfxxxr.exe111⤵
-
\??\c:\fxfxfff.exec:\fxfxfff.exe112⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe113⤵
-
\??\c:\hnhbhn.exec:\hnhbhn.exe114⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe115⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe116⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe117⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe118⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5ddvp.exec:\5ddvp.exe120⤵
-
\??\c:\5llflfl.exec:\5llflfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-