Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19-12-2024 01:05
General
-
Target
a16eaaee2e90d83d834fab53d41f6ce367490f19a836a3cf56b9e5abee7c6c76.exe
-
Size
455KB
-
MD5
6f62429486a44c80f2ac1f1f0d8b3bab
-
SHA1
7e173d76566840845b7ad7e2fdfdceba9fe3c46f
-
SHA256
a16eaaee2e90d83d834fab53d41f6ce367490f19a836a3cf56b9e5abee7c6c76
-
SHA512
790440f8310409102f16a2335b6fb89348014d0f9b6239c5208d97079d973dad68dea16c3802a76ed399a677ed84d7b002936f02f90f889e97af8159dd8ff70d
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbei:q7Tc2NYHUrAwfMp3CDi
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 49 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a16eaaee2e90d83d834fab53d41f6ce367490f19a836a3cf56b9e5abee7c6c76.exe"C:\Users\Admin\AppData\Local\Temp\a16eaaee2e90d83d834fab53d41f6ce367490f19a836a3cf56b9e5abee7c6c76.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bblfbn.exec:\bblfbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpxrvf.exec:\jpxrvf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpfhhjl.exec:\jpfhhjl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptffvnf.exec:\ptffvnf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtbpr.exec:\vtbpr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdxdbn.exec:\pdxdbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxpxhj.exec:\hxpxhj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dllfxvn.exec:\dllfxvn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dphpj.exec:\dphpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtdlx.exec:\nhtdlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlbbttr.exec:\vlbbttr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtdhdlt.exec:\dtdhdlt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltxxdp.exec:\ltxxdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbldjvf.exec:\xbldjvf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvbhlxn.exec:\bvbhlxn.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\prjlbhb.exec:\prjlbhb.exe17⤵
- Executes dropped EXE
-
\??\c:\pptlpb.exec:\pptlpb.exe18⤵
- Executes dropped EXE
-
\??\c:\fxdfjpx.exec:\fxdfjpx.exe19⤵
- Executes dropped EXE
-
\??\c:\pdptt.exec:\pdptt.exe20⤵
- Executes dropped EXE
-
\??\c:\vfbljfl.exec:\vfbljfl.exe21⤵
- Executes dropped EXE
-
\??\c:\pbnbdn.exec:\pbnbdn.exe22⤵
- Executes dropped EXE
-
\??\c:\djrttn.exec:\djrttn.exe23⤵
- Executes dropped EXE
-
\??\c:\hbthr.exec:\hbthr.exe24⤵
- Executes dropped EXE
-
\??\c:\frhxdp.exec:\frhxdp.exe25⤵
- Executes dropped EXE
-
\??\c:\vtnxdd.exec:\vtnxdd.exe26⤵
- Executes dropped EXE
-
\??\c:\rvbfjfd.exec:\rvbfjfd.exe27⤵
- Executes dropped EXE
-
\??\c:\fjtbdhr.exec:\fjtbdhr.exe28⤵
- Executes dropped EXE
-
\??\c:\pnxdnx.exec:\pnxdnx.exe29⤵
- Executes dropped EXE
-
\??\c:\xlvtjxn.exec:\xlvtjxn.exe30⤵
- Executes dropped EXE
-
\??\c:\jrrtrt.exec:\jrrtrt.exe31⤵
- Executes dropped EXE
-
\??\c:\jtpxj.exec:\jtpxj.exe32⤵
- Executes dropped EXE
-
\??\c:\ndrrfpx.exec:\ndrrfpx.exe33⤵
- Executes dropped EXE
-
\??\c:\vdjnlb.exec:\vdjnlb.exe34⤵
- Executes dropped EXE
-
\??\c:\vvrtdld.exec:\vvrtdld.exe35⤵
- Executes dropped EXE
-
\??\c:\dlntlfp.exec:\dlntlfp.exe36⤵
- Executes dropped EXE
-
\??\c:\lfnrlxb.exec:\lfnrlxb.exe37⤵
- Executes dropped EXE
-
\??\c:\dplrl.exec:\dplrl.exe38⤵
- Executes dropped EXE
-
\??\c:\bxhrb.exec:\bxhrb.exe39⤵
- Executes dropped EXE
-
\??\c:\ndjrndr.exec:\ndjrndr.exe40⤵
- Executes dropped EXE
-
\??\c:\hrpdd.exec:\hrpdd.exe41⤵
- Executes dropped EXE
-
\??\c:\ftfxpx.exec:\ftfxpx.exe42⤵
- Executes dropped EXE
-
\??\c:\xfltn.exec:\xfltn.exe43⤵
- Executes dropped EXE
-
\??\c:\vfrjrx.exec:\vfrjrx.exe44⤵
- Executes dropped EXE
-
\??\c:\fpbpllp.exec:\fpbpllp.exe45⤵
- Executes dropped EXE
-
\??\c:\rxvtjbb.exec:\rxvtjbb.exe46⤵
- Executes dropped EXE
-
\??\c:\jvfddl.exec:\jvfddl.exe47⤵
- Executes dropped EXE
-
\??\c:\rthbb.exec:\rthbb.exe48⤵
- Executes dropped EXE
-
\??\c:\tfphndn.exec:\tfphndn.exe49⤵
- Executes dropped EXE
-
\??\c:\hfrxf.exec:\hfrxf.exe50⤵
- Executes dropped EXE
-
\??\c:\fjhhvh.exec:\fjhhvh.exe51⤵
- Executes dropped EXE
-
\??\c:\vhjthp.exec:\vhjthp.exe52⤵
- Executes dropped EXE
-
\??\c:\lrllbtb.exec:\lrllbtb.exe53⤵
- Executes dropped EXE
-
\??\c:\txrjrf.exec:\txrjrf.exe54⤵
- Executes dropped EXE
-
\??\c:\ptfjvd.exec:\ptfjvd.exe55⤵
- Executes dropped EXE
-
\??\c:\npvhb.exec:\npvhb.exe56⤵
- Executes dropped EXE
-
\??\c:\hjxdjx.exec:\hjxdjx.exe57⤵
- Executes dropped EXE
-
\??\c:\httlr.exec:\httlr.exe58⤵
- Executes dropped EXE
-
\??\c:\rxdxnhl.exec:\rxdxnhl.exe59⤵
- Executes dropped EXE
-
\??\c:\vdtjdf.exec:\vdtjdf.exe60⤵
- Executes dropped EXE
-
\??\c:\pprdlt.exec:\pprdlt.exe61⤵
- Executes dropped EXE
-
\??\c:\pbthnv.exec:\pbthnv.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ttflnpr.exec:\ttflnpr.exe63⤵
- Executes dropped EXE
-
\??\c:\lvrntft.exec:\lvrntft.exe64⤵
- Executes dropped EXE
-
\??\c:\pnxph.exec:\pnxph.exe65⤵
- Executes dropped EXE
-
\??\c:\lnvjrr.exec:\lnvjrr.exe66⤵
-
\??\c:\lttfd.exec:\lttfd.exe67⤵
-
\??\c:\dldhdf.exec:\dldhdf.exe68⤵
-
\??\c:\fhrbr.exec:\fhrbr.exe69⤵
-
\??\c:\dffvr.exec:\dffvr.exe70⤵
-
\??\c:\xblrp.exec:\xblrp.exe71⤵
-
\??\c:\xfxfd.exec:\xfxfd.exe72⤵
-
\??\c:\xfdhhbr.exec:\xfdhhbr.exe73⤵
-
\??\c:\prrdjtt.exec:\prrdjtt.exe74⤵
-
\??\c:\xpvvtft.exec:\xpvvtft.exe75⤵
-
\??\c:\xbdbnl.exec:\xbdbnl.exe76⤵
-
\??\c:\tlxnbp.exec:\tlxnbp.exe77⤵
-
\??\c:\hbxlp.exec:\hbxlp.exe78⤵
-
\??\c:\hjhfdr.exec:\hjhfdr.exe79⤵
-
\??\c:\fppvxf.exec:\fppvxf.exe80⤵
-
\??\c:\trrbd.exec:\trrbd.exe81⤵
-
\??\c:\tfttjlx.exec:\tfttjlx.exe82⤵
-
\??\c:\tlxdr.exec:\tlxdr.exe83⤵
-
\??\c:\xfjdbj.exec:\xfjdbj.exe84⤵
-
\??\c:\lpxbxp.exec:\lpxbxp.exe85⤵
-
\??\c:\xjhffbt.exec:\xjhffbt.exe86⤵
-
\??\c:\ldlnh.exec:\ldlnh.exe87⤵
-
\??\c:\lphrx.exec:\lphrx.exe88⤵
-
\??\c:\bfltnvl.exec:\bfltnvl.exe89⤵
-
\??\c:\dnxhxp.exec:\dnxhxp.exe90⤵
-
\??\c:\rhptt.exec:\rhptt.exe91⤵
-
\??\c:\rjhrdpx.exec:\rjhrdpx.exe92⤵
-
\??\c:\blhdft.exec:\blhdft.exe93⤵
-
\??\c:\tfldtt.exec:\tfldtt.exe94⤵
-
\??\c:\djlvp.exec:\djlvp.exe95⤵
-
\??\c:\lrtvvj.exec:\lrtvvj.exe96⤵
-
\??\c:\jhbddx.exec:\jhbddx.exe97⤵
-
\??\c:\rxvlxf.exec:\rxvlxf.exe98⤵
-
\??\c:\drjnvdh.exec:\drjnvdh.exe99⤵
-
\??\c:\txxnb.exec:\txxnb.exe100⤵
-
\??\c:\xljxpt.exec:\xljxpt.exe101⤵
-
\??\c:\hhhfr.exec:\hhhfr.exe102⤵
-
\??\c:\xpbjr.exec:\xpbjr.exe103⤵
-
\??\c:\dxpxj.exec:\dxpxj.exe104⤵
-
\??\c:\xhhjph.exec:\xhhjph.exe105⤵
-
\??\c:\dxtvdt.exec:\dxtvdt.exe106⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jltrbf.exec:\jltrbf.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ldhhn.exec:\ldhhn.exe108⤵
-
\??\c:\tbtbnd.exec:\tbtbnd.exe109⤵
-
\??\c:\btbfhpp.exec:\btbfhpp.exe110⤵
-
\??\c:\lvdlbxv.exec:\lvdlbxv.exe111⤵
-
\??\c:\dphpbnj.exec:\dphpbnj.exe112⤵
-
\??\c:\jffrt.exec:\jffrt.exe113⤵
-
\??\c:\xrbnh.exec:\xrbnh.exe114⤵
-
\??\c:\fjpbnjx.exec:\fjpbnjx.exe115⤵
-
\??\c:\nrfjlvx.exec:\nrfjlvx.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vdhpp.exec:\vdhpp.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xxdjhp.exec:\xxdjhp.exe118⤵
-
\??\c:\vrjpvpj.exec:\vrjpvpj.exe119⤵
-
\??\c:\jtfxn.exec:\jtfxn.exe120⤵
-
\??\c:\jvnvtbh.exec:\jvnvtbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-