Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19-12-2024 01:08
General
-
Target
a20136213384e8487dc4cb5e4dc4c2e94427e509d8fb213ab4e7f8126791a283.exe
-
Size
454KB
-
MD5
24ee11649df7174f5daeae23063c1bd1
-
SHA1
4c926fda55c3f8b2f4eac8008a325aa7101b19ae
-
SHA256
a20136213384e8487dc4cb5e4dc4c2e94427e509d8fb213ab4e7f8126791a283
-
SHA512
a05da8c57e252f08b7b8739b0f229fe2e35839c7e6f7db5360750fbba3d1cae476771817f07ae36f2355728ee350e2e6f67230acb338977c8b16cf8847261193
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe17:q7Tc2NYHUrAwfMp3CD17
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a20136213384e8487dc4cb5e4dc4c2e94427e509d8fb213ab4e7f8126791a283.exe"C:\Users\Admin\AppData\Local\Temp\a20136213384e8487dc4cb5e4dc4c2e94427e509d8fb213ab4e7f8126791a283.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bphjdbh.exec:\bphjdbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrlfnxv.exec:\hrlfnxv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhlpx.exec:\rhlpx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjtllv.exec:\bjtllv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxrjrf.exec:\bxrjrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfjnb.exec:\nfjnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvbhdrf.exec:\rvbhdrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnpvr.exec:\bnpvr.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\trlhxp.exec:\trlhxp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phxjdl.exec:\phxjdl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrbnx.exec:\xrrbnx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxdld.exec:\hxdld.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjjfpb.exec:\rjjfpb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndhth.exec:\ndhth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jblrpjd.exec:\jblrpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrldpt.exec:\rrrldpt.exe17⤵
- Executes dropped EXE
-
\??\c:\brjbpdf.exec:\brjbpdf.exe18⤵
- Executes dropped EXE
-
\??\c:\pfdvpxf.exec:\pfdvpxf.exe19⤵
- Executes dropped EXE
-
\??\c:\dbxbvjp.exec:\dbxbvjp.exe20⤵
- Executes dropped EXE
-
\??\c:\xhllbj.exec:\xhllbj.exe21⤵
- Executes dropped EXE
-
\??\c:\xpthhhj.exec:\xpthhhj.exe22⤵
- Executes dropped EXE
-
\??\c:\bxvvbjv.exec:\bxvvbjv.exe23⤵
- Executes dropped EXE
-
\??\c:\rnbjfrf.exec:\rnbjfrf.exe24⤵
- Executes dropped EXE
-
\??\c:\fvprb.exec:\fvprb.exe25⤵
- Executes dropped EXE
-
\??\c:\lttdnfv.exec:\lttdnfv.exe26⤵
- Executes dropped EXE
-
\??\c:\xhbtlxv.exec:\xhbtlxv.exe27⤵
- Executes dropped EXE
-
\??\c:\lfdtdnp.exec:\lfdtdnp.exe28⤵
- Executes dropped EXE
-
\??\c:\llbxrr.exec:\llbxrr.exe29⤵
- Executes dropped EXE
-
\??\c:\vplrx.exec:\vplrx.exe30⤵
- Executes dropped EXE
-
\??\c:\hfnxlj.exec:\hfnxlj.exe31⤵
- Executes dropped EXE
-
\??\c:\llnfd.exec:\llnfd.exe32⤵
- Executes dropped EXE
-
\??\c:\jnrbr.exec:\jnrbr.exe33⤵
- Executes dropped EXE
-
\??\c:\bvvrxpf.exec:\bvvrxpf.exe34⤵
- Executes dropped EXE
-
\??\c:\jnxbfx.exec:\jnxbfx.exe35⤵
- Executes dropped EXE
-
\??\c:\rrrfbjf.exec:\rrrfbjf.exe36⤵
- Executes dropped EXE
-
\??\c:\xdfbrpv.exec:\xdfbrpv.exe37⤵
- Executes dropped EXE
-
\??\c:\lbrfvf.exec:\lbrfvf.exe38⤵
- Executes dropped EXE
-
\??\c:\rvnrjvn.exec:\rvnrjvn.exe39⤵
- Executes dropped EXE
-
\??\c:\tfjdh.exec:\tfjdh.exe40⤵
- Executes dropped EXE
-
\??\c:\vvjdptt.exec:\vvjdptt.exe41⤵
- Executes dropped EXE
-
\??\c:\rtlpfhn.exec:\rtlpfhn.exe42⤵
- Executes dropped EXE
-
\??\c:\lpxxfx.exec:\lpxxfx.exe43⤵
- Executes dropped EXE
-
\??\c:\nxnplh.exec:\nxnplh.exe44⤵
- Executes dropped EXE
-
\??\c:\dlbtrdh.exec:\dlbtrdh.exe45⤵
- Executes dropped EXE
-
\??\c:\bnlnn.exec:\bnlnn.exe46⤵
- Executes dropped EXE
-
\??\c:\xvhjp.exec:\xvhjp.exe47⤵
- Executes dropped EXE
-
\??\c:\vprhj.exec:\vprhj.exe48⤵
- Executes dropped EXE
-
\??\c:\flnprpx.exec:\flnprpx.exe49⤵
- Executes dropped EXE
-
\??\c:\xhfjf.exec:\xhfjf.exe50⤵
- Executes dropped EXE
-
\??\c:\ljnlp.exec:\ljnlp.exe51⤵
- Executes dropped EXE
-
\??\c:\rfvrl.exec:\rfvrl.exe52⤵
- Executes dropped EXE
-
\??\c:\vbhvbvj.exec:\vbhvbvj.exe53⤵
- Executes dropped EXE
-
\??\c:\phhbl.exec:\phhbl.exe54⤵
- Executes dropped EXE
-
\??\c:\nnnbjrn.exec:\nnnbjrn.exe55⤵
- Executes dropped EXE
-
\??\c:\phfhjj.exec:\phfhjj.exe56⤵
- Executes dropped EXE
-
\??\c:\tnvpv.exec:\tnvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\jvddl.exec:\jvddl.exe58⤵
- Executes dropped EXE
-
\??\c:\dvttbt.exec:\dvttbt.exe59⤵
- Executes dropped EXE
-
\??\c:\dlvxdt.exec:\dlvxdt.exe60⤵
- Executes dropped EXE
-
\??\c:\ptdhb.exec:\ptdhb.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dxbfbr.exec:\dxbfbr.exe62⤵
- Executes dropped EXE
-
\??\c:\tjtxpbn.exec:\tjtxpbn.exe63⤵
- Executes dropped EXE
-
\??\c:\bxhfrt.exec:\bxhfrt.exe64⤵
- Executes dropped EXE
-
\??\c:\lnrttfn.exec:\lnrttfn.exe65⤵
- Executes dropped EXE
-
\??\c:\jxrvhtx.exec:\jxrvhtx.exe66⤵
-
\??\c:\xljtfpx.exec:\xljtfpx.exe67⤵
-
\??\c:\lbbbn.exec:\lbbbn.exe68⤵
-
\??\c:\vjhfv.exec:\vjhfv.exe69⤵
-
\??\c:\hlrlxjd.exec:\hlrlxjd.exe70⤵
-
\??\c:\nbjnjlh.exec:\nbjnjlh.exe71⤵
-
\??\c:\vfrdvjt.exec:\vfrdvjt.exe72⤵
-
\??\c:\pjpjt.exec:\pjpjt.exe73⤵
-
\??\c:\nbtht.exec:\nbtht.exe74⤵
-
\??\c:\bbrphn.exec:\bbrphn.exe75⤵
-
\??\c:\jprjrf.exec:\jprjrf.exe76⤵
-
\??\c:\bjnbntd.exec:\bjnbntd.exe77⤵
-
\??\c:\vfpjtr.exec:\vfpjtr.exe78⤵
-
\??\c:\xtpbrn.exec:\xtpbrn.exe79⤵
-
\??\c:\hptrrx.exec:\hptrrx.exe80⤵
-
\??\c:\rhndn.exec:\rhndn.exe81⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bnvhl.exec:\bnvhl.exe82⤵
-
\??\c:\jldjln.exec:\jldjln.exe83⤵
-
\??\c:\ndxjpb.exec:\ndxjpb.exe84⤵
-
\??\c:\nlhfjf.exec:\nlhfjf.exe85⤵
-
\??\c:\rrhvhjn.exec:\rrhvhjn.exe86⤵
-
\??\c:\ffxxfv.exec:\ffxxfv.exe87⤵
-
\??\c:\hxjdrj.exec:\hxjdrj.exe88⤵
-
\??\c:\djvndpd.exec:\djvndpd.exe89⤵
-
\??\c:\lrfrjpn.exec:\lrfrjpn.exe90⤵
-
\??\c:\tbdfvd.exec:\tbdfvd.exe91⤵
-
\??\c:\bnrhxhb.exec:\bnrhxhb.exe92⤵
-
\??\c:\rjjpdp.exec:\rjjpdp.exe93⤵
-
\??\c:\xrpldxl.exec:\xrpldxl.exe94⤵
-
\??\c:\nlfxxd.exec:\nlfxxd.exe95⤵
-
\??\c:\htrldvh.exec:\htrldvh.exe96⤵
-
\??\c:\rjftn.exec:\rjftn.exe97⤵
-
\??\c:\fltvxt.exec:\fltvxt.exe98⤵
-
\??\c:\vjpdhb.exec:\vjpdhb.exe99⤵
-
\??\c:\vnjfn.exec:\vnjfn.exe100⤵
-
\??\c:\jnxtb.exec:\jnxtb.exe101⤵
-
\??\c:\xbjjxb.exec:\xbjjxb.exe102⤵
-
\??\c:\bnrnl.exec:\bnrnl.exe103⤵
-
\??\c:\jhrjlld.exec:\jhrjlld.exe104⤵
-
\??\c:\brvjp.exec:\brvjp.exe105⤵
-
\??\c:\lvlxh.exec:\lvlxh.exe106⤵
-
\??\c:\bnrnn.exec:\bnrnn.exe107⤵
-
\??\c:\ttrrjp.exec:\ttrrjp.exe108⤵
-
\??\c:\njfdnd.exec:\njfdnd.exe109⤵
-
\??\c:\jfbnxjj.exec:\jfbnxjj.exe110⤵
-
\??\c:\rnljdfl.exec:\rnljdfl.exe111⤵
- System Location Discovery: System Language Discovery
-
\??\c:\djrxdnx.exec:\djrxdnx.exe112⤵
-
\??\c:\dpnjxtn.exec:\dpnjxtn.exe113⤵
-
\??\c:\fbljj.exec:\fbljj.exe114⤵
-
\??\c:\vpfnt.exec:\vpfnt.exe115⤵
-
\??\c:\lxxnnnd.exec:\lxxnnnd.exe116⤵
-
\??\c:\nnjfrv.exec:\nnjfrv.exe117⤵
-
\??\c:\pdvbjd.exec:\pdvbjd.exe118⤵
-
\??\c:\vbjht.exec:\vbjht.exe119⤵
-
\??\c:\rdtbpt.exec:\rdtbpt.exe120⤵
-
\??\c:\lxftd.exec:\lxftd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-