Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20-12-2024 02:52
General
-
Target
874dff840b18a7be75b75f9cb07abe86bafb1661173102186ac7842bec414e85.exe
-
Size
93KB
-
MD5
789612a58fd4b8deaca1dcd85daa895d
-
SHA1
2c227d9ad452da6a3e763e2ab15908f9bf545031
-
SHA256
874dff840b18a7be75b75f9cb07abe86bafb1661173102186ac7842bec414e85
-
SHA512
888e6de09c4f9ea6e52829ddc20ef6a2530386820e4613cbe377217a004e6ca3ba3818a5b1aaac1ccbbb5f994eb32720e85d1c35cf3a9cb8da92bbede1951a79
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp99zx/A0UtgK:ymb3NkkiQ3mdBjFo73tvn+Yp99zDut
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\874dff840b18a7be75b75f9cb07abe86bafb1661173102186ac7842bec414e85.exe"C:\Users\Admin\AppData\Local\Temp\874dff840b18a7be75b75f9cb07abe86bafb1661173102186ac7842bec414e85.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvvv.exec:\5vvvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdp.exec:\vjvdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbt.exec:\hbnnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjp.exec:\jddjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffr.exec:\rlxxffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflxff.exec:\rlflxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dppv.exec:\1dppv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjd.exec:\ppdjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlflfl.exec:\frlflfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntnn.exec:\htntnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxffr.exec:\lfrxffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfrflx.exec:\9lfrflx.exe17⤵
- Executes dropped EXE
-
\??\c:\hbthnn.exec:\hbthnn.exe18⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe19⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe20⤵
- Executes dropped EXE
-
\??\c:\7xffxxf.exec:\7xffxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\hhbthh.exec:\hhbthh.exe22⤵
- Executes dropped EXE
-
\??\c:\3tnnbb.exec:\3tnnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\7dvdj.exec:\7dvdj.exe24⤵
- Executes dropped EXE
-
\??\c:\5ddpv.exec:\5ddpv.exe25⤵
- Executes dropped EXE
-
\??\c:\llxfllr.exec:\llxfllr.exe26⤵
- Executes dropped EXE
-
\??\c:\7nbbhh.exec:\7nbbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\7nhbhh.exec:\7nhbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe29⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe30⤵
- Executes dropped EXE
-
\??\c:\5rflfxl.exec:\5rflfxl.exe31⤵
- Executes dropped EXE
-
\??\c:\tthbbn.exec:\tthbbn.exe32⤵
- Executes dropped EXE
-
\??\c:\9nhnhh.exec:\9nhnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe34⤵
- Executes dropped EXE
-
\??\c:\9rxfrrx.exec:\9rxfrrx.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\hhthbh.exec:\hhthbh.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbhhh.exec:\nhbhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe39⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe40⤵
- Executes dropped EXE
-
\??\c:\xrrxllr.exec:\xrrxllr.exe41⤵
- Executes dropped EXE
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe42⤵
- Executes dropped EXE
-
\??\c:\hhbntb.exec:\hhbntb.exe43⤵
- Executes dropped EXE
-
\??\c:\5tnhbt.exec:\5tnhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe45⤵
- Executes dropped EXE
-
\??\c:\7pvdj.exec:\7pvdj.exe46⤵
- Executes dropped EXE
-
\??\c:\fxflrrx.exec:\fxflrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\frlrxrx.exec:\frlrxrx.exe48⤵
- Executes dropped EXE
-
\??\c:\bnttbh.exec:\bnttbh.exe49⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe50⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe51⤵
- Executes dropped EXE
-
\??\c:\3jdjv.exec:\3jdjv.exe52⤵
- Executes dropped EXE
-
\??\c:\rlxxffr.exec:\rlxxffr.exe53⤵
- Executes dropped EXE
-
\??\c:\9lllrxx.exec:\9lllrxx.exe54⤵
- Executes dropped EXE
-
\??\c:\7hbhbb.exec:\7hbhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\1thntt.exec:\1thntt.exe56⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe57⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\7lfxffl.exec:\7lfxffl.exe59⤵
- Executes dropped EXE
-
\??\c:\7ffrlrx.exec:\7ffrlrx.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe61⤵
- Executes dropped EXE
-
\??\c:\nnhhbh.exec:\nnhhbh.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe63⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxlrxf.exec:\xrxlrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\5xxllxr.exec:\5xxllxr.exe66⤵
-
\??\c:\7btnth.exec:\7btnth.exe67⤵
-
\??\c:\7htntb.exec:\7htntb.exe68⤵
-
\??\c:\9jdpv.exec:\9jdpv.exe69⤵
-
\??\c:\frfrfrl.exec:\frfrfrl.exe70⤵
-
\??\c:\9ffllrf.exec:\9ffllrf.exe71⤵
-
\??\c:\bnbtbt.exec:\bnbtbt.exe72⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe73⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe74⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe75⤵
-
\??\c:\dddpj.exec:\dddpj.exe76⤵
-
\??\c:\5llrrxl.exec:\5llrrxl.exe77⤵
-
\??\c:\9nnnbb.exec:\9nnnbb.exe78⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe79⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe80⤵
-
\??\c:\pjppd.exec:\pjppd.exe81⤵
-
\??\c:\lxxxffl.exec:\lxxxffl.exe82⤵
-
\??\c:\3xlxflr.exec:\3xlxflr.exe83⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe84⤵
-
\??\c:\9nhthn.exec:\9nhthn.exe85⤵
-
\??\c:\bhnntb.exec:\bhnntb.exe86⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe87⤵
-
\??\c:\7xxrxrx.exec:\7xxrxrx.exe88⤵
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe89⤵
-
\??\c:\1tnhtn.exec:\1tnhtn.exe90⤵
-
\??\c:\hbbthn.exec:\hbbthn.exe91⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe92⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe93⤵
-
\??\c:\1xlrxxl.exec:\1xlrxxl.exe94⤵
-
\??\c:\5lxlxxx.exec:\5lxlxxx.exe95⤵
-
\??\c:\btnntb.exec:\btnntb.exe96⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe97⤵
-
\??\c:\vjddd.exec:\vjddd.exe98⤵
-
\??\c:\ppddp.exec:\ppddp.exe99⤵
-
\??\c:\xrfrffr.exec:\xrfrffr.exe100⤵
-
\??\c:\7llxllx.exec:\7llxllx.exe101⤵
-
\??\c:\bbhttn.exec:\bbhttn.exe102⤵
-
\??\c:\thhnnn.exec:\thhnnn.exe103⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe104⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe105⤵
-
\??\c:\5lfrllr.exec:\5lfrllr.exe106⤵
-
\??\c:\1fxfxxf.exec:\1fxfxxf.exe107⤵
-
\??\c:\5hhbnt.exec:\5hhbnt.exe108⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe109⤵
-
\??\c:\3pddp.exec:\3pddp.exe110⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe111⤵
-
\??\c:\rllrflx.exec:\rllrflx.exe112⤵
-
\??\c:\5llrflr.exec:\5llrflr.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7ntbnn.exec:\7ntbnn.exe114⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe115⤵
-
\??\c:\dvppv.exec:\dvppv.exe116⤵
-
\??\c:\9rrxffl.exec:\9rrxffl.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rrxfffx.exec:\rrxfffx.exe118⤵
-
\??\c:\1ntthb.exec:\1ntthb.exe119⤵
-
\??\c:\9thbhn.exec:\9thbhn.exe120⤵
-
\??\c:\hbhtnn.exec:\hbhtnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-