Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
17-12-2024 11:27
General
-
Target
8d414bcb7feeebe6fe26fd14d43b4e5cb4a237cd76d84065994e917ae8384029.exe
-
Size
59KB
-
MD5
fe1e8f308114ebb1bccafa6b348169a3
-
SHA1
035898a02cd00797340815d2e7f45351d5e8b376
-
SHA256
8d414bcb7feeebe6fe26fd14d43b4e5cb4a237cd76d84065994e917ae8384029
-
SHA512
f3375cb04f32553350afaf8e714637bec1026ad0a5f66fb522580a48ed2908071d1f6eec7f0491489178d2dd8e35762cf2e4c8d4b3f48abf176e32d20dcf63bd
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5bx7DUQeDac7Akm:0cdpeeBSHHMHLf9Rybx7DYec7Fm
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8d414bcb7feeebe6fe26fd14d43b4e5cb4a237cd76d84065994e917ae8384029.exe"C:\Users\Admin\AppData\Local\Temp\8d414bcb7feeebe6fe26fd14d43b4e5cb4a237cd76d84065994e917ae8384029.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbt.exec:\hhhbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjv.exec:\pdjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxlxr.exec:\lllxlxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbt.exec:\hbthbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbtb.exec:\bhnbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpj.exec:\vjvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvp.exec:\vjjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhtt.exec:\9hnhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbn.exec:\tbhbbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfffrl.exec:\lrfffrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbb.exec:\bbbbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnn.exec:\hhtnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbb.exec:\nnhhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhhbb.exec:\5bhhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjv.exec:\dpdjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffflf.exec:\lfffflf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbhh.exec:\nbbbhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxfl.exec:\xllfxfl.exe23⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe24⤵
- Executes dropped EXE
-
\??\c:\7jdjv.exec:\7jdjv.exe25⤵
- Executes dropped EXE
-
\??\c:\xrffxrx.exec:\xrffxrx.exe26⤵
- Executes dropped EXE
-
\??\c:\rrllllf.exec:\rrllllf.exe27⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe29⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe30⤵
- Executes dropped EXE
-
\??\c:\rrxlfff.exec:\rrxlfff.exe31⤵
- Executes dropped EXE
-
\??\c:\3lrlfff.exec:\3lrlfff.exe32⤵
- Executes dropped EXE
-
\??\c:\xllfxrl.exec:\xllfxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhbbt.exec:\tnhbbt.exe34⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe35⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\llrrlxr.exec:\llrrlxr.exe37⤵
- Executes dropped EXE
-
\??\c:\5httnn.exec:\5httnn.exe38⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\vdppd.exec:\vdppd.exe40⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe41⤵
- Executes dropped EXE
-
\??\c:\rfllxfl.exec:\rfllxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\nhnnbt.exec:\nhnnbt.exe43⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe44⤵
- Executes dropped EXE
-
\??\c:\djvdp.exec:\djvdp.exe45⤵
- Executes dropped EXE
-
\??\c:\7xffxxr.exec:\7xffxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\bnhhhh.exec:\bnhhhh.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe50⤵
- Executes dropped EXE
-
\??\c:\bhbttt.exec:\bhbttt.exe51⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe52⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe53⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe54⤵
- Executes dropped EXE
-
\??\c:\7llffll.exec:\7llffll.exe55⤵
- Executes dropped EXE
-
\??\c:\hhbnnn.exec:\hhbnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\nntnbb.exec:\nntnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\fllffxx.exec:\fllffxx.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9bbhhb.exec:\9bbhhb.exe60⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvvpj.exec:\vvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxrxxx.exec:\rlxrxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\9lxxfxl.exec:\9lxxfxl.exe64⤵
- Executes dropped EXE
-
\??\c:\pvvvd.exec:\pvvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe66⤵
-
\??\c:\llfrrrx.exec:\llfrrrx.exe67⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe68⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe69⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe70⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe71⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe72⤵
-
\??\c:\rlxrrxf.exec:\rlxrrxf.exe73⤵
-
\??\c:\1lrrfll.exec:\1lrrfll.exe74⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe75⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe76⤵
-
\??\c:\dddvp.exec:\dddvp.exe77⤵
-
\??\c:\rlfffff.exec:\rlfffff.exe78⤵
-
\??\c:\lxlfflr.exec:\lxlfflr.exe79⤵
-
\??\c:\7bhbhh.exec:\7bhbhh.exe80⤵
-
\??\c:\3thbhn.exec:\3thbhn.exe81⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe82⤵
-
\??\c:\5frlfff.exec:\5frlfff.exe83⤵
-
\??\c:\9htttt.exec:\9htttt.exe84⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe85⤵
-
\??\c:\dddvp.exec:\dddvp.exe86⤵
-
\??\c:\5rflxfx.exec:\5rflxfx.exe87⤵
-
\??\c:\lfrrrxr.exec:\lfrrrxr.exe88⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe89⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe90⤵
-
\??\c:\xxrlfff.exec:\xxrlfff.exe91⤵
-
\??\c:\rflffll.exec:\rflffll.exe92⤵
-
\??\c:\ththtb.exec:\ththtb.exe93⤵
-
\??\c:\vppjd.exec:\vppjd.exe94⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe95⤵
-
\??\c:\hnhbnt.exec:\hnhbnt.exe96⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe97⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe98⤵
-
\??\c:\hnhbhn.exec:\hnhbhn.exe99⤵
-
\??\c:\thbbbh.exec:\thbbbh.exe100⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe101⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe102⤵
-
\??\c:\7rxrlll.exec:\7rxrlll.exe103⤵
-
\??\c:\nbhbnh.exec:\nbhbnh.exe104⤵
-
\??\c:\jjppv.exec:\jjppv.exe105⤵
-
\??\c:\xfxrlll.exec:\xfxrlll.exe106⤵
-
\??\c:\rflllff.exec:\rflllff.exe107⤵
-
\??\c:\hntttb.exec:\hntttb.exe108⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe109⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe110⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe111⤵
-
\??\c:\ntnnnn.exec:\ntnnnn.exe112⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe113⤵
-
\??\c:\vvddp.exec:\vvddp.exe114⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe115⤵
-
\??\c:\1flxlfx.exec:\1flxlfx.exe116⤵
-
\??\c:\7htnnh.exec:\7htnnh.exe117⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe118⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe119⤵
-
\??\c:\xrlfrrx.exec:\xrlfrrx.exe120⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-