Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
17-12-2024 21:23
General
-
Target
fabaa189d3d25ebb00cb64943b8507694fa8c8ecde0069d8e7be3acbc01a63cfN.exe
-
Size
83KB
-
MD5
d392214af365ed354a5b48ed78e9c8f0
-
SHA1
b1dd06f4caaf33c648328e65803a6ac9d283d290
-
SHA256
fabaa189d3d25ebb00cb64943b8507694fa8c8ecde0069d8e7be3acbc01a63cf
-
SHA512
6d8eebf09fea206c6d4778a9f89f7f4aef85cf46869ad6eeb7a16196e438e12cd723131785e253fbc0469f361b3de76f14921f76ca992f9b2f1fbf40117a6888
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Qt:ymb3NkkiQ3mdBjFIIp9L9QrrA8I
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fabaa189d3d25ebb00cb64943b8507694fa8c8ecde0069d8e7be3acbc01a63cfN.exe"C:\Users\Admin\AppData\Local\Temp\fabaa189d3d25ebb00cb64943b8507694fa8c8ecde0069d8e7be3acbc01a63cfN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffxff.exec:\rlffxff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnh.exec:\hbttnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjj.exec:\jppjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfxlfx.exec:\5lfxlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbtb.exec:\tttbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvp.exec:\pdvvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxxxx.exec:\frxxxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtnb.exec:\hthtnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdd.exec:\vdpdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxfxrr.exec:\frxfxrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thnhn.exec:\3thnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvp.exec:\3pvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfrxrx.exec:\1rfrxrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xflllf.exec:\5xflllf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbnn.exec:\htbbnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbthh.exec:\5hbthh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvv.exec:\vpvvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxrlf.exec:\lflxrlf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbb.exec:\htnnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnnt.exec:\hbbnnt.exe23⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe24⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe25⤵
- Executes dropped EXE
-
\??\c:\7llxrrf.exec:\7llxrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\1nbtnh.exec:\1nbtnh.exe27⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\7vpdp.exec:\7vpdp.exe29⤵
- Executes dropped EXE
-
\??\c:\9rrflfl.exec:\9rrflfl.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe31⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\3ddjd.exec:\3ddjd.exe33⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe34⤵
- Executes dropped EXE
-
\??\c:\fflxlxf.exec:\fflxlxf.exe35⤵
- Executes dropped EXE
-
\??\c:\3rxrlll.exec:\3rxrlll.exe36⤵
- Executes dropped EXE
-
\??\c:\nhhhbh.exec:\nhhhbh.exe37⤵
- Executes dropped EXE
-
\??\c:\fllfrrf.exec:\fllfrrf.exe38⤵
- Executes dropped EXE
-
\??\c:\9frxflf.exec:\9frxflf.exe39⤵
- Executes dropped EXE
-
\??\c:\thnbhb.exec:\thnbhb.exe40⤵
- Executes dropped EXE
-
\??\c:\3dvpp.exec:\3dvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\3dvvj.exec:\3dvvj.exe42⤵
- Executes dropped EXE
-
\??\c:\1rrfrrl.exec:\1rrfrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\bhhbnh.exec:\bhhbnh.exe44⤵
- Executes dropped EXE
-
\??\c:\ttbbnn.exec:\ttbbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe46⤵
- Executes dropped EXE
-
\??\c:\3vpdd.exec:\3vpdd.exe47⤵
- Executes dropped EXE
-
\??\c:\3xxxrrr.exec:\3xxxrrr.exe48⤵
- Executes dropped EXE
-
\??\c:\fxfxxfx.exec:\fxfxxfx.exe49⤵
- Executes dropped EXE
-
\??\c:\nbthtt.exec:\nbthtt.exe50⤵
- Executes dropped EXE
-
\??\c:\1tnhtn.exec:\1tnhtn.exe51⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe52⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe53⤵
- Executes dropped EXE
-
\??\c:\rxxlrlf.exec:\rxxlrlf.exe54⤵
- Executes dropped EXE
-
\??\c:\1nnnhh.exec:\1nnnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe58⤵
- Executes dropped EXE
-
\??\c:\lxxrlff.exec:\lxxrlff.exe59⤵
- Executes dropped EXE
-
\??\c:\frrlrrl.exec:\frrlrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe61⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe63⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe64⤵
- Executes dropped EXE
-
\??\c:\llrlffx.exec:\llrlffx.exe65⤵
- Executes dropped EXE
-
\??\c:\xllfxxr.exec:\xllfxxr.exe66⤵
-
\??\c:\ntbbnb.exec:\ntbbnb.exe67⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe68⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe69⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe70⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe71⤵
-
\??\c:\rlfffff.exec:\rlfffff.exe72⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe73⤵
-
\??\c:\nthhnh.exec:\nthhnh.exe74⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe75⤵
-
\??\c:\rlrflfr.exec:\rlrflfr.exe76⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe77⤵
-
\??\c:\thttnn.exec:\thttnn.exe78⤵
-
\??\c:\3dvpp.exec:\3dvpp.exe79⤵
-
\??\c:\7vpjv.exec:\7vpjv.exe80⤵
-
\??\c:\3fxrlfx.exec:\3fxrlfx.exe81⤵
-
\??\c:\xfflflf.exec:\xfflflf.exe82⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe83⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe84⤵
-
\??\c:\rllflrx.exec:\rllflrx.exe85⤵
-
\??\c:\9xrlfxr.exec:\9xrlfxr.exe86⤵
-
\??\c:\3ttnhh.exec:\3ttnhh.exe87⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe88⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe89⤵
-
\??\c:\rrrfrrf.exec:\rrrfrrf.exe90⤵
-
\??\c:\frfxffl.exec:\frfxffl.exe91⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe92⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe93⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe94⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe95⤵
-
\??\c:\rxrfxfx.exec:\rxrfxfx.exe96⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe97⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe98⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe99⤵
-
\??\c:\flfxrrl.exec:\flfxrrl.exe100⤵
-
\??\c:\3frrrrl.exec:\3frrrrl.exe101⤵
-
\??\c:\3nttnn.exec:\3nttnn.exe102⤵
-
\??\c:\7jjvj.exec:\7jjvj.exe103⤵
-
\??\c:\3ddvv.exec:\3ddvv.exe104⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe105⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe106⤵
-
\??\c:\1hbttt.exec:\1hbttt.exe107⤵
-
\??\c:\9pppd.exec:\9pppd.exe108⤵
-
\??\c:\dppjv.exec:\dppjv.exe109⤵
-
\??\c:\llrlrrx.exec:\llrlrrx.exe110⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe111⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe112⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe113⤵
-
\??\c:\pvppv.exec:\pvppv.exe114⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe115⤵
-
\??\c:\rxrxrfl.exec:\rxrxrfl.exe116⤵
-
\??\c:\fxffffl.exec:\fxffffl.exe117⤵
-
\??\c:\bttnht.exec:\bttnht.exe118⤵
-
\??\c:\9bhthh.exec:\9bhthh.exe119⤵
-
\??\c:\3djjv.exec:\3djjv.exe120⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-