Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20-12-2024 05:15
General
-
Target
edf178def828a4835bcaadc5dd4006c6502f770c0948c5c22f2bf1eb35a5077bN.exe
-
Size
70KB
-
MD5
c1b30d8ffe3c0b578b19e19e5a677690
-
SHA1
0c9474d6b65b9fbe09d999abc03638cf876d558f
-
SHA256
edf178def828a4835bcaadc5dd4006c6502f770c0948c5c22f2bf1eb35a5077b
-
SHA512
979ea833491cb1d3d6f3436af3469eb7614191af345bc5a5edf930896f73a5934739191ec6a85efe3d5cdd18d1a189872e95962a6c29428d8dfc66c469eee673
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcN:ymb3NkkiQ3mdBjFIsIVcN
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\edf178def828a4835bcaadc5dd4006c6502f770c0948c5c22f2bf1eb35a5077bN.exe"C:\Users\Admin\AppData\Local\Temp\edf178def828a4835bcaadc5dd4006c6502f770c0948c5c22f2bf1eb35a5077bN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpj.exec:\9jvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrxlr.exec:\rrlrxlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlffff.exec:\xrlffff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbtb.exec:\3tbbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllllf.exec:\llllllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntbt.exec:\ttntbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdp.exec:\vpvdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtbn.exec:\tthtbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpv.exec:\5dvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjdd.exec:\5vjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxfxl.exec:\fxfxfxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnthh.exec:\tnnthh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdd.exec:\ppjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdvp.exec:\1jdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrrrl.exec:\xfrrrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbbtn.exec:\5bbbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllrlx.exec:\ffllrlx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthh.exec:\hhbthh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrllf.exec:\rlxrllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttt.exec:\hhbttt.exe23⤵
- Executes dropped EXE
-
\??\c:\nhhtnh.exec:\nhhtnh.exe24⤵
- Executes dropped EXE
-
\??\c:\9vppd.exec:\9vppd.exe25⤵
- Executes dropped EXE
-
\??\c:\frllxxl.exec:\frllxxl.exe26⤵
- Executes dropped EXE
-
\??\c:\bhbhbh.exec:\bhbhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\thnhtt.exec:\thnhtt.exe28⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe29⤵
- Executes dropped EXE
-
\??\c:\3ffxfxl.exec:\3ffxfxl.exe30⤵
- Executes dropped EXE
-
\??\c:\lrfrrfr.exec:\lrfrrfr.exe31⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe32⤵
- Executes dropped EXE
-
\??\c:\5vpdp.exec:\5vpdp.exe33⤵
- Executes dropped EXE
-
\??\c:\5llxlfr.exec:\5llxlfr.exe34⤵
- Executes dropped EXE
-
\??\c:\9hnhnn.exec:\9hnhnn.exe35⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe36⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe37⤵
- Executes dropped EXE
-
\??\c:\9fflrll.exec:\9fflrll.exe38⤵
- Executes dropped EXE
-
\??\c:\9tttnh.exec:\9tttnh.exe39⤵
- Executes dropped EXE
-
\??\c:\thnbhb.exec:\thnbhb.exe40⤵
- Executes dropped EXE
-
\??\c:\5dpdj.exec:\5dpdj.exe41⤵
- Executes dropped EXE
-
\??\c:\9vvpd.exec:\9vvpd.exe42⤵
- Executes dropped EXE
-
\??\c:\xlfxlfr.exec:\xlfxlfr.exe43⤵
- Executes dropped EXE
-
\??\c:\bhbhbt.exec:\bhbhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\ttnnnb.exec:\ttnnnb.exe45⤵
- Executes dropped EXE
-
\??\c:\pdvjp.exec:\pdvjp.exe46⤵
- Executes dropped EXE
-
\??\c:\xxfxlll.exec:\xxfxlll.exe47⤵
- Executes dropped EXE
-
\??\c:\7xrxrxl.exec:\7xrxrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\5dppj.exec:\5dppj.exe50⤵
- Executes dropped EXE
-
\??\c:\1pjdv.exec:\1pjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\1xrlxff.exec:\1xrlxff.exe52⤵
- Executes dropped EXE
-
\??\c:\3bbnhh.exec:\3bbnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\9hbnnh.exec:\9hbnnh.exe54⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe55⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrfrxl.exec:\xxrfrxl.exe57⤵
- Executes dropped EXE
-
\??\c:\nbbhhh.exec:\nbbhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\3thhbh.exec:\3thhbh.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\xlffrrf.exec:\xlffrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\httthb.exec:\httthb.exe62⤵
- Executes dropped EXE
-
\??\c:\tnnnhb.exec:\tnnnhb.exe63⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\3vjvd.exec:\3vjvd.exe65⤵
- Executes dropped EXE
-
\??\c:\frlfrrf.exec:\frlfrrf.exe66⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe67⤵
-
\??\c:\hnbttt.exec:\hnbttt.exe68⤵
-
\??\c:\vppdp.exec:\vppdp.exe69⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe70⤵
-
\??\c:\lrlxllx.exec:\lrlxllx.exe71⤵
-
\??\c:\dppjj.exec:\dppjj.exe72⤵
-
\??\c:\lrllfxr.exec:\lrllfxr.exe73⤵
-
\??\c:\xlxrrlr.exec:\xlxrrlr.exe74⤵
-
\??\c:\tttnbn.exec:\tttnbn.exe75⤵
-
\??\c:\djjjd.exec:\djjjd.exe76⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe77⤵
-
\??\c:\xfrrlrl.exec:\xfrrlrl.exe78⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe79⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe80⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe81⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe82⤵
-
\??\c:\rfxxrxx.exec:\rfxxrxx.exe83⤵
-
\??\c:\3nnbtb.exec:\3nnbtb.exe84⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe85⤵
-
\??\c:\9jjdj.exec:\9jjdj.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1lrflfx.exec:\1lrflfx.exe87⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe88⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe89⤵
-
\??\c:\hhhhnt.exec:\hhhhnt.exe90⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe91⤵
-
\??\c:\lrrlfff.exec:\lrrlfff.exe92⤵
-
\??\c:\lfllrrl.exec:\lfllrrl.exe93⤵
-
\??\c:\3tntnn.exec:\3tntnn.exe94⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe95⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe96⤵
-
\??\c:\1ffllxr.exec:\1ffllxr.exe97⤵
-
\??\c:\xlrfrxl.exec:\xlrfrxl.exe98⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe99⤵
-
\??\c:\pdppd.exec:\pdppd.exe100⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe101⤵
-
\??\c:\fxrlrrl.exec:\fxrlrrl.exe102⤵
-
\??\c:\lrxrfxx.exec:\lrxrfxx.exe103⤵
-
\??\c:\ntthtn.exec:\ntthtn.exe104⤵
-
\??\c:\9nhtht.exec:\9nhtht.exe105⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe106⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe107⤵
-
\??\c:\1xlrrll.exec:\1xlrrll.exe108⤵
-
\??\c:\rrxrlll.exec:\rrxrlll.exe109⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe110⤵
-
\??\c:\3nbthh.exec:\3nbthh.exe111⤵
-
\??\c:\pjddp.exec:\pjddp.exe112⤵
-
\??\c:\flrlfxf.exec:\flrlfxf.exe113⤵
-
\??\c:\rrrfrlf.exec:\rrrfrlf.exe114⤵
-
\??\c:\htbnhb.exec:\htbnhb.exe115⤵
-
\??\c:\7vvjv.exec:\7vvjv.exe116⤵
-
\??\c:\pddvv.exec:\pddvv.exe117⤵
-
\??\c:\fxlfrrx.exec:\fxlfrrx.exe118⤵
-
\??\c:\pdddv.exec:\pdddv.exe119⤵
-
\??\c:\xxrflfr.exec:\xxrflfr.exe120⤵
-
\??\c:\5xrrllx.exec:\5xrrllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-