Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19/12/2024, 20:20
General
-
Target
674b532a02107996c7bf4c765597d6a7105d99203411026e2f55bfa918c48f3eN.exe
-
Size
96KB
-
MD5
794b87e935c8f13cb7bda43dce397910
-
SHA1
20dfeeba86c5fb509aabd618ab9e7d78e6649076
-
SHA256
674b532a02107996c7bf4c765597d6a7105d99203411026e2f55bfa918c48f3e
-
SHA512
0a3da19732367086c6d7d61d6eecd92662dc1ba8d57e68d1c6a233c607d24a9c6ed3d267fa3e9838b0bc2585193ce47c5a8824cae7911ea2816580375ec5d1d7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIRwnohZkqR4Ra13vYlXO:ymb3NkkiQ3mdBjFo7LAIRUohDmRIL
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\674b532a02107996c7bf4c765597d6a7105d99203411026e2f55bfa918c48f3eN.exe"C:\Users\Admin\AppData\Local\Temp\674b532a02107996c7bf4c765597d6a7105d99203411026e2f55bfa918c48f3eN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrfff.exec:\rrxrfff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnnn.exec:\bbnnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjv.exec:\jdjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllffx.exec:\llllffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfxxr.exec:\fxxfxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbnb.exec:\thbbnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbb.exec:\btbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djdp.exec:\3djdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxrfff.exec:\1fxrfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnnb.exec:\nnhnnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlllr.exec:\ffrlllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnntn.exec:\bbnntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhtt.exec:\nhnhtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjvd.exec:\7jjvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxxx.exec:\fffxxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxxrr.exec:\rxxxxrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtb.exec:\hbhbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdv.exec:\ddvdv.exe23⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe24⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\9ntnhh.exec:\9ntnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe27⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe28⤵
- Executes dropped EXE
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\7thhnn.exec:\7thhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\bthbtb.exec:\bthbtb.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\3lfxxxr.exec:\3lfxxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\hnbtnn.exec:\hnbtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe36⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe37⤵
- Executes dropped EXE
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\rfffxxx.exec:\rfffxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\tntnht.exec:\tntnht.exe40⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe41⤵
- Executes dropped EXE
-
\??\c:\7jdvp.exec:\7jdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\xrlffxl.exec:\xrlffxl.exe43⤵
- Executes dropped EXE
-
\??\c:\5rrlrrr.exec:\5rrlrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\1vvvv.exec:\1vvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\1jjjv.exec:\1jjjv.exe46⤵
- Executes dropped EXE
-
\??\c:\5rlffll.exec:\5rlffll.exe47⤵
- Executes dropped EXE
-
\??\c:\9nhnnt.exec:\9nhnnt.exe48⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe50⤵
- Executes dropped EXE
-
\??\c:\llrrfff.exec:\llrrfff.exe51⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\bthbnb.exec:\bthbnb.exe53⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\xflxfff.exec:\xflxfff.exe55⤵
- Executes dropped EXE
-
\??\c:\flxxrrx.exec:\flxxrrx.exe56⤵
- Executes dropped EXE
-
\??\c:\thtbht.exec:\thtbht.exe57⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe58⤵
- Executes dropped EXE
-
\??\c:\rflfrrr.exec:\rflfrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe60⤵
- Executes dropped EXE
-
\??\c:\7hbtbb.exec:\7hbtbb.exe61⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe62⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrllfx.exec:\xxrllfx.exe64⤵
- Executes dropped EXE
-
\??\c:\ttnhnh.exec:\ttnhnh.exe65⤵
- Executes dropped EXE
-
\??\c:\3tnhbt.exec:\3tnhbt.exe66⤵
-
\??\c:\vpppp.exec:\vpppp.exe67⤵
-
\??\c:\5jjpd.exec:\5jjpd.exe68⤵
-
\??\c:\fffrflf.exec:\fffrflf.exe69⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe70⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe71⤵
-
\??\c:\jddpd.exec:\jddpd.exe72⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe73⤵
-
\??\c:\9frlfff.exec:\9frlfff.exe74⤵
-
\??\c:\fxxlfff.exec:\fxxlfff.exe75⤵
-
\??\c:\bhhhbh.exec:\bhhhbh.exe76⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe77⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe78⤵
-
\??\c:\1vvdj.exec:\1vvdj.exe79⤵
-
\??\c:\flrrlrl.exec:\flrrlrl.exe80⤵
-
\??\c:\1frrxxx.exec:\1frrxxx.exe81⤵
-
\??\c:\btttnn.exec:\btttnn.exe82⤵
-
\??\c:\7tbttt.exec:\7tbttt.exe83⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe84⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe85⤵
-
\??\c:\3xlxrrr.exec:\3xlxrrr.exe86⤵
-
\??\c:\xfrrllf.exec:\xfrrllf.exe87⤵
-
\??\c:\1hnnnn.exec:\1hnnnn.exe88⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe89⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe90⤵
-
\??\c:\5vvpp.exec:\5vvpp.exe91⤵
-
\??\c:\llfffll.exec:\llfffll.exe92⤵
-
\??\c:\xxxxllx.exec:\xxxxllx.exe93⤵
-
\??\c:\nnnhbt.exec:\nnnhbt.exe94⤵
-
\??\c:\vppdv.exec:\vppdv.exe95⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe96⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe97⤵
-
\??\c:\xxllfrx.exec:\xxllfrx.exe98⤵
-
\??\c:\nnthhb.exec:\nnthhb.exe99⤵
-
\??\c:\hnbtnt.exec:\hnbtnt.exe100⤵
-
\??\c:\1jppd.exec:\1jppd.exe101⤵
-
\??\c:\rffffff.exec:\rffffff.exe102⤵
-
\??\c:\5flfxxr.exec:\5flfxxr.exe103⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe104⤵
-
\??\c:\7vvvp.exec:\7vvvp.exe105⤵
-
\??\c:\7vpjv.exec:\7vpjv.exe106⤵
-
\??\c:\1xxrlrl.exec:\1xxrlrl.exe107⤵
-
\??\c:\3hbbbb.exec:\3hbbbb.exe108⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe109⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe110⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe111⤵
-
\??\c:\7pppd.exec:\7pppd.exe112⤵
-
\??\c:\fflfrrx.exec:\fflfrrx.exe113⤵
-
\??\c:\hnhbtn.exec:\hnhbtn.exe114⤵
-
\??\c:\tttttt.exec:\tttttt.exe115⤵
-
\??\c:\5jddp.exec:\5jddp.exe116⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe117⤵
-
\??\c:\7rxrlff.exec:\7rxrlff.exe118⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe119⤵
-
\??\c:\nbbtht.exec:\nbbtht.exe120⤵
-
\??\c:\djjvp.exec:\djjvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-