Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
25-11-2024 06:10
General
-
Target
a62abc3a61ccf5c297f723364067e9dc97662afd0dd1d33b6d992f4d04ebadca.exe
-
Size
60KB
-
MD5
80ff208361bb8210c11f7d7980cbd226
-
SHA1
5b87c00690251037794ca57dce8cb35586dc1bb1
-
SHA256
a62abc3a61ccf5c297f723364067e9dc97662afd0dd1d33b6d992f4d04ebadca
-
SHA512
e3102ec13d873caf6cdd90bf21f53c2bfd810b4b65f7944ca8d5bdfbeb5c1763d76e6305d764ebb09e0680e511bf24376a3ac36adfd4fbd63d27c77c4e88d052
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIm2hR0fF:ymb3NkkiQ3mdBjFIsIrhRkF
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a62abc3a61ccf5c297f723364067e9dc97662afd0dd1d33b6d992f4d04ebadca.exe"C:\Users\Admin\AppData\Local\Temp\a62abc3a61ccf5c297f723364067e9dc97662afd0dd1d33b6d992f4d04ebadca.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxlfx.exec:\xfrxlfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtb.exec:\htnhtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjp.exec:\jpvjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frflrf.exec:\5frflrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjv.exec:\jpjjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvdv.exec:\jpvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxflx.exec:\fflxflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnn.exec:\bbnbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvp.exec:\jdpvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rllxff.exec:\3rllxff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrrlr.exec:\lrfrrlr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbthh.exec:\ttbthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbnn.exec:\bhnbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdv.exec:\vjpdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrfrxl.exec:\xfrfrxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbb.exec:\bbntbb.exe17⤵
- Executes dropped EXE
-
\??\c:\bbnbhn.exec:\bbnbhn.exe18⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe19⤵
- Executes dropped EXE
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe20⤵
- Executes dropped EXE
-
\??\c:\frlfrxf.exec:\frlfrxf.exe21⤵
- Executes dropped EXE
-
\??\c:\nnhhbn.exec:\nnhhbn.exe22⤵
- Executes dropped EXE
-
\??\c:\9bnbhn.exec:\9bnbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\1dpdj.exec:\1dpdj.exe24⤵
- Executes dropped EXE
-
\??\c:\5vpdp.exec:\5vpdp.exe25⤵
- Executes dropped EXE
-
\??\c:\3fxfrxf.exec:\3fxfrxf.exe26⤵
- Executes dropped EXE
-
\??\c:\bhnnht.exec:\bhnnht.exe27⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjpj.exec:\vvjpj.exe29⤵
- Executes dropped EXE
-
\??\c:\xfrfrlf.exec:\xfrfrlf.exe30⤵
- Executes dropped EXE
-
\??\c:\5thhnn.exec:\5thhnn.exe31⤵
- Executes dropped EXE
-
\??\c:\bhbhhh.exec:\bhbhhh.exe32⤵
- Executes dropped EXE
-
\??\c:\tbnnhh.exec:\tbnnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe34⤵
- Executes dropped EXE
-
\??\c:\3lxfxxl.exec:\3lxfxxl.exe35⤵
- Executes dropped EXE
-
\??\c:\1rffflx.exec:\1rffflx.exe36⤵
- Executes dropped EXE
-
\??\c:\bbhntn.exec:\bbhntn.exe37⤵
- Executes dropped EXE
-
\??\c:\3bbhnn.exec:\3bbhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe39⤵
- Executes dropped EXE
-
\??\c:\vvdjv.exec:\vvdjv.exe40⤵
- Executes dropped EXE
-
\??\c:\3xlrrlx.exec:\3xlrrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\llxxrxf.exec:\llxxrxf.exe42⤵
- Executes dropped EXE
-
\??\c:\5nbnnb.exec:\5nbnnb.exe43⤵
- Executes dropped EXE
-
\??\c:\3vpvd.exec:\3vpvd.exe44⤵
- Executes dropped EXE
-
\??\c:\xlrlrxf.exec:\xlrlrxf.exe45⤵
- Executes dropped EXE
-
\??\c:\3xlfxfr.exec:\3xlfxfr.exe46⤵
- Executes dropped EXE
-
\??\c:\tttthh.exec:\tttthh.exe47⤵
- Executes dropped EXE
-
\??\c:\tttnbh.exec:\tttnbh.exe48⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe49⤵
- Executes dropped EXE
-
\??\c:\ffxrxfl.exec:\ffxrxfl.exe50⤵
- Executes dropped EXE
-
\??\c:\1ffxlfl.exec:\1ffxlfl.exe51⤵
- Executes dropped EXE
-
\??\c:\tnnthn.exec:\tnnthn.exe52⤵
- Executes dropped EXE
-
\??\c:\hhntnn.exec:\hhntnn.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ddpvd.exec:\ddpvd.exe54⤵
- Executes dropped EXE
-
\??\c:\1jppp.exec:\1jppp.exe55⤵
- Executes dropped EXE
-
\??\c:\9xxlflx.exec:\9xxlflx.exe56⤵
- Executes dropped EXE
-
\??\c:\rlffrrx.exec:\rlffrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\nthhth.exec:\nthhth.exe58⤵
- Executes dropped EXE
-
\??\c:\bttbhb.exec:\bttbhb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe60⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxfllx.exec:\xrxfllx.exe62⤵
- Executes dropped EXE
-
\??\c:\llflfll.exec:\llflfll.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbhnb.exec:\ttbhnb.exe64⤵
- Executes dropped EXE
-
\??\c:\5thhtb.exec:\5thhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe66⤵
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe67⤵
-
\??\c:\llrrffx.exec:\llrrffx.exe68⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe69⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe70⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe71⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe72⤵
-
\??\c:\llxfxfr.exec:\llxfxfr.exe73⤵
-
\??\c:\rlllrff.exec:\rlllrff.exe74⤵
-
\??\c:\9nnntb.exec:\9nnntb.exe75⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe76⤵
-
\??\c:\djvdd.exec:\djvdd.exe77⤵
-
\??\c:\jppjd.exec:\jppjd.exe78⤵
-
\??\c:\fllxllr.exec:\fllxllr.exe79⤵
-
\??\c:\rllrxxf.exec:\rllrxxf.exe80⤵
-
\??\c:\5bhntb.exec:\5bhntb.exe81⤵
-
\??\c:\7jjvv.exec:\7jjvv.exe82⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe83⤵
-
\??\c:\llrlrxf.exec:\llrlrxf.exe84⤵
-
\??\c:\9llrffr.exec:\9llrffr.exe85⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe86⤵
-
\??\c:\nbhnbh.exec:\nbhnbh.exe87⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe88⤵
-
\??\c:\3vddd.exec:\3vddd.exe89⤵
-
\??\c:\9frxxxx.exec:\9frxxxx.exe90⤵
-
\??\c:\xxfllrx.exec:\xxfllrx.exe91⤵
-
\??\c:\3tnntb.exec:\3tnntb.exe92⤵
-
\??\c:\hhhnnb.exec:\hhhnnb.exe93⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe94⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe95⤵
-
\??\c:\rrrxfff.exec:\rrrxfff.exe96⤵
-
\??\c:\rrrfrxx.exec:\rrrfrxx.exe97⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe98⤵
-
\??\c:\btbhnb.exec:\btbhnb.exe99⤵
-
\??\c:\nnbnnt.exec:\nnbnnt.exe100⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe101⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe102⤵
-
\??\c:\5rrxllr.exec:\5rrxllr.exe103⤵
-
\??\c:\lrxffff.exec:\lrxffff.exe104⤵
-
\??\c:\9hthhh.exec:\9hthhh.exe105⤵
-
\??\c:\hbhtnb.exec:\hbhtnb.exe106⤵
-
\??\c:\jjppv.exec:\jjppv.exe107⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe108⤵
-
\??\c:\ffrrflr.exec:\ffrrflr.exe109⤵
-
\??\c:\fxxlrxf.exec:\fxxlrxf.exe110⤵
-
\??\c:\1nbbhn.exec:\1nbbhn.exe111⤵
-
\??\c:\1bhnnt.exec:\1bhnnt.exe112⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe113⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe114⤵
-
\??\c:\rrxlrlr.exec:\rrxlrlr.exe115⤵
-
\??\c:\rrfrfrx.exec:\rrfrfrx.exe116⤵
-
\??\c:\7nhbnn.exec:\7nhbnn.exe117⤵
-
\??\c:\7tbtbn.exec:\7tbtbn.exe118⤵
-
\??\c:\ddddv.exec:\ddddv.exe119⤵
-
\??\c:\9dppv.exec:\9dppv.exe120⤵
-
\??\c:\rxrxflr.exec:\rxrxflr.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-