Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 20:13
General
-
Target
e0be348094407cd4b110be9e8ccf24776eb7c52896ca9ab1b9d2eec2701d8e90N.exe
-
Size
82KB
-
MD5
d2c1a78877ec264e9183c46e1137b940
-
SHA1
d84e229059378aae4e1e2ea64ecfa91252b13e6c
-
SHA256
e0be348094407cd4b110be9e8ccf24776eb7c52896ca9ab1b9d2eec2701d8e90
-
SHA512
b394ec72e6f8c59391a5d8b60b7c9d05684a3f487eb06d9c50939f24629643350bd90415b2715923a8c46e8efd71852d891cc38e1e6035f92b1a81adca8ba24b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeqe:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4r2
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e0be348094407cd4b110be9e8ccf24776eb7c52896ca9ab1b9d2eec2701d8e90N.exe"C:\Users\Admin\AppData\Local\Temp\e0be348094407cd4b110be9e8ccf24776eb7c52896ca9ab1b9d2eec2701d8e90N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlll.exec:\lfxrlll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlrrl.exec:\rrrlrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhtn.exec:\hbhhtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vddv.exec:\7vddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrflfr.exec:\frrflfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtt.exec:\hhbbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpp.exec:\ddvpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrlrl.exec:\xlrrlrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntth.exec:\ttntth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppj.exec:\vjppj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxxll.exec:\lxxxxll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflllll.exec:\lflllll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnn.exec:\nbbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpj.exec:\jjjpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrlll.exec:\rrrrlll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnn.exec:\ntbtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlffx.exec:\xrrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbt.exec:\htbbbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdv.exec:\5pjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe24⤵
- Executes dropped EXE
-
\??\c:\rffxlrr.exec:\rffxlrr.exe25⤵
- Executes dropped EXE
-
\??\c:\flffrlf.exec:\flffrlf.exe26⤵
- Executes dropped EXE
-
\??\c:\nttbth.exec:\nttbth.exe27⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\lfllxrl.exec:\lfllxrl.exe29⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe30⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe31⤵
- Executes dropped EXE
-
\??\c:\rlffxfx.exec:\rlffxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe33⤵
- Executes dropped EXE
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe34⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\9ppjv.exec:\9ppjv.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe37⤵
- Executes dropped EXE
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe40⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe41⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrfrrl.exec:\fxrfrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\rllfxlf.exec:\rllfxlf.exe44⤵
- Executes dropped EXE
-
\??\c:\bhbtnh.exec:\bhbtnh.exe45⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe48⤵
- Executes dropped EXE
-
\??\c:\rxlxlfl.exec:\rxlxlfl.exe49⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe51⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe52⤵
- Executes dropped EXE
-
\??\c:\frxfrff.exec:\frxfrff.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe56⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\9lfxllf.exec:\9lfxllf.exe58⤵
- Executes dropped EXE
-
\??\c:\ffflllf.exec:\ffflllf.exe59⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\rxrrlll.exec:\rxrrlll.exe63⤵
- Executes dropped EXE
-
\??\c:\lrlxxxr.exec:\lrlxxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\3nttnn.exec:\3nttnn.exe65⤵
- Executes dropped EXE
-
\??\c:\bhttbh.exec:\bhttbh.exe66⤵
-
\??\c:\jdddv.exec:\jdddv.exe67⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe68⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe69⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btnhbt.exec:\btnhbt.exe71⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe72⤵
-
\??\c:\rflfllf.exec:\rflfllf.exe73⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe74⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe75⤵
-
\??\c:\vjddp.exec:\vjddp.exe76⤵
-
\??\c:\xfxrfxr.exec:\xfxrfxr.exe77⤵
-
\??\c:\tnnhnn.exec:\tnnhnn.exe78⤵
-
\??\c:\bntttt.exec:\bntttt.exe79⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe80⤵
-
\??\c:\rxfxlrl.exec:\rxfxlrl.exe81⤵
-
\??\c:\fffxxrr.exec:\fffxxrr.exe82⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe83⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe84⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe85⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe86⤵
-
\??\c:\lrxfxxr.exec:\lrxfxxr.exe87⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe88⤵
-
\??\c:\hhbbbt.exec:\hhbbbt.exe89⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe90⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe91⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe92⤵
-
\??\c:\llrxxxf.exec:\llrxxxf.exe93⤵
-
\??\c:\rrfxrlf.exec:\rrfxrlf.exe94⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe95⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe96⤵
-
\??\c:\1vvvv.exec:\1vvvv.exe97⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe98⤵
-
\??\c:\flrrfff.exec:\flrrfff.exe99⤵
-
\??\c:\fxxflll.exec:\fxxflll.exe100⤵
-
\??\c:\tnhbth.exec:\tnhbth.exe101⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe102⤵
-
\??\c:\djjjv.exec:\djjjv.exe103⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe104⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe105⤵
-
\??\c:\fxxfxxr.exec:\fxxfxxr.exe106⤵
-
\??\c:\ttbhbb.exec:\ttbhbb.exe107⤵
-
\??\c:\btttnn.exec:\btttnn.exe108⤵
-
\??\c:\5djdv.exec:\5djdv.exe109⤵
-
\??\c:\1jddp.exec:\1jddp.exe110⤵
-
\??\c:\lxfxrrx.exec:\lxfxrrx.exe111⤵
-
\??\c:\lfrffff.exec:\lfrffff.exe112⤵
-
\??\c:\bnnbnt.exec:\bnnbnt.exe113⤵
-
\??\c:\7dppd.exec:\7dppd.exe114⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe115⤵
-
\??\c:\rlflfff.exec:\rlflfff.exe116⤵
-
\??\c:\lfflfff.exec:\lfflfff.exe117⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe118⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe119⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe120⤵
-
\??\c:\xlfxrll.exec:\xlfxrll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-