Analysis
-
max time kernel
120s -
max time network
22s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/11/2024, 02:30
General
-
Target
221e8c1bb311c20f59810f07efcbd1df7f9ce75fce474325462b1f31c853f5dbN.exe
-
Size
71KB
-
MD5
5e7311becc25b8bbf4b9d800fafd50b0
-
SHA1
47b09cb4734bc8e673b44860309b439efbafb1f1
-
SHA256
221e8c1bb311c20f59810f07efcbd1df7f9ce75fce474325462b1f31c853f5db
-
SHA512
30c043eb840e04395344e471af5bde04eb102e52e1fc570ddd22f0496e85a30c6fad352bc1eeafd6027390a7450c71bf7e6a3e0dcb2c5b79110ba2ed3b2204fd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj0:ymb3NkkiQ3mdBjFI4VE
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\221e8c1bb311c20f59810f07efcbd1df7f9ce75fce474325462b1f31c853f5dbN.exe"C:\Users\Admin\AppData\Local\Temp\221e8c1bb311c20f59810f07efcbd1df7f9ce75fce474325462b1f31c853f5dbN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvd.exec:\jpdvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppv.exec:\dvppv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrxl.exec:\rrrrrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxflr.exec:\lflxflr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fflxfl.exec:\5fflxfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxlxr.exec:\ffrxlxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjj.exec:\dpjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfllxr.exec:\llfllxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhhb.exec:\tbnhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjpv.exec:\7pjpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrxl.exec:\fxllrxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxffff.exec:\fxxffff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbhtt.exec:\3hbhtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe17⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe18⤵
- Executes dropped EXE
-
\??\c:\xrlllfl.exec:\xrlllfl.exe19⤵
- Executes dropped EXE
-
\??\c:\xrrrxfr.exec:\xrrrxfr.exe20⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe21⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe22⤵
- Executes dropped EXE
-
\??\c:\7jdjj.exec:\7jdjj.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrflfl.exec:\rfrflfl.exe24⤵
- Executes dropped EXE
-
\??\c:\9xlxxxf.exec:\9xlxxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\bbntht.exec:\bbntht.exe26⤵
- Executes dropped EXE
-
\??\c:\1vppv.exec:\1vppv.exe27⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe28⤵
- Executes dropped EXE
-
\??\c:\5lxflll.exec:\5lxflll.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbhnn.exec:\hbbhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\7vvjd.exec:\7vvjd.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\lxrxflr.exec:\lxrxflr.exe33⤵
- Executes dropped EXE
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe34⤵
- Executes dropped EXE
-
\??\c:\nhhntb.exec:\nhhntb.exe35⤵
- Executes dropped EXE
-
\??\c:\bntbbt.exec:\bntbbt.exe36⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe37⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe38⤵
- Executes dropped EXE
-
\??\c:\rlrfxfx.exec:\rlrfxfx.exe39⤵
- Executes dropped EXE
-
\??\c:\xrlxfll.exec:\xrlxfll.exe40⤵
- Executes dropped EXE
-
\??\c:\9thtnh.exec:\9thtnh.exe41⤵
- Executes dropped EXE
-
\??\c:\7bhbnn.exec:\7bhbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe44⤵
- Executes dropped EXE
-
\??\c:\7frrxxl.exec:\7frrxxl.exe45⤵
- Executes dropped EXE
-
\??\c:\lxrflfx.exec:\lxrflfx.exe46⤵
- Executes dropped EXE
-
\??\c:\xlfrrxf.exec:\xlfrrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\bbnnnt.exec:\bbnnnt.exe48⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe49⤵
- Executes dropped EXE
-
\??\c:\1pddj.exec:\1pddj.exe50⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxfflr.exec:\lfxfflr.exe52⤵
- Executes dropped EXE
-
\??\c:\1xllxxf.exec:\1xllxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe54⤵
- Executes dropped EXE
-
\??\c:\thtthb.exec:\thtthb.exe55⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe57⤵
- Executes dropped EXE
-
\??\c:\7frrffl.exec:\7frrffl.exe58⤵
- Executes dropped EXE
-
\??\c:\lfrxflx.exec:\lfrxflx.exe59⤵
- Executes dropped EXE
-
\??\c:\nhnbtb.exec:\nhnbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\hhnbhn.exec:\hhnbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\htbthh.exec:\htbthh.exe62⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\5dvpd.exec:\5dvpd.exe64⤵
- Executes dropped EXE
-
\??\c:\lfxflrf.exec:\lfxflrf.exe65⤵
- Executes dropped EXE
-
\??\c:\fxlrfrf.exec:\fxlrfrf.exe66⤵
-
\??\c:\5bbntb.exec:\5bbntb.exe67⤵
-
\??\c:\btntbb.exec:\btntbb.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3pddd.exec:\3pddd.exe69⤵
-
\??\c:\jdppv.exec:\jdppv.exe70⤵
-
\??\c:\5bbhhh.exec:\5bbhhh.exe71⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe72⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe73⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe74⤵
-
\??\c:\ffflflr.exec:\ffflflr.exe75⤵
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe76⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe77⤵
-
\??\c:\9bnbnn.exec:\9bnbnn.exe78⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe79⤵
-
\??\c:\lflllrr.exec:\lflllrr.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fxffllx.exec:\fxffllx.exe81⤵
-
\??\c:\hbntbn.exec:\hbntbn.exe82⤵
-
\??\c:\5nbhhn.exec:\5nbhhn.exe83⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe84⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe85⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe86⤵
-
\??\c:\ffxrfff.exec:\ffxrfff.exe87⤵
-
\??\c:\fxfxfxf.exec:\fxfxfxf.exe88⤵
-
\??\c:\7nnbnt.exec:\7nnbnt.exe89⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe90⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe91⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe92⤵
-
\??\c:\lflrrlr.exec:\lflrrlr.exe93⤵
-
\??\c:\xrxxffx.exec:\xrxxffx.exe94⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe95⤵
-
\??\c:\thnthn.exec:\thnthn.exe96⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe97⤵
-
\??\c:\5vpvd.exec:\5vpvd.exe98⤵
-
\??\c:\9fxxfll.exec:\9fxxfll.exe99⤵
-
\??\c:\5nttbb.exec:\5nttbb.exe100⤵
-
\??\c:\3thhnh.exec:\3thhnh.exe101⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe102⤵
-
\??\c:\dvppj.exec:\dvppj.exe103⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe104⤵
-
\??\c:\llrrflr.exec:\llrrflr.exe105⤵
-
\??\c:\9lfrffl.exec:\9lfrffl.exe106⤵
-
\??\c:\hhhnbb.exec:\hhhnbb.exe107⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe108⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe109⤵
-
\??\c:\5ddpd.exec:\5ddpd.exe110⤵
-
\??\c:\xrfxfxl.exec:\xrfxfxl.exe111⤵
-
\??\c:\ffxflrf.exec:\ffxflrf.exe112⤵
-
\??\c:\3btbhn.exec:\3btbhn.exe113⤵
-
\??\c:\ttbnnt.exec:\ttbnnt.exe114⤵
-
\??\c:\dpddp.exec:\dpddp.exe115⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe116⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe117⤵
-
\??\c:\9xlrllf.exec:\9xlrllf.exe118⤵
-
\??\c:\9xrxffr.exec:\9xrxffr.exe119⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe120⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-