Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
23-12-2024 04:17
General
-
Target
ea68216f15e150df7f2da475f8d4079411185e26ed154d3e2b59082ade589469.exe
-
Size
453KB
-
MD5
fd9320ad7a7ef069db62e0456cc60269
-
SHA1
b91ad8acb65e10995b79257b2d4117b839403a32
-
SHA256
ea68216f15e150df7f2da475f8d4079411185e26ed154d3e2b59082ade589469
-
SHA512
8a6f29c75f3043a24bd75e1748c2cbabf5a014345ba99df5ad60fb12134b430ccdb93f09a29d5e5d31be282504423ab81212b4416a16cfd1aec5f04632211c73
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe8:q7Tc2NYHUrAwfMp3CD8
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ea68216f15e150df7f2da475f8d4079411185e26ed154d3e2b59082ade589469.exe"C:\Users\Admin\AppData\Local\Temp\ea68216f15e150df7f2da475f8d4079411185e26ed154d3e2b59082ade589469.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dxvvblv.exec:\dxvvblv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftjrtn.exec:\ftjrtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjxpf.exec:\bjxpf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbfbndx.exec:\tbfbndx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrxvh.exec:\vrxvh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httrtfl.exec:\httrtfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdfxd.exec:\xdfxd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrphfh.exec:\jrphfh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjnrpvj.exec:\xjnrpvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdbxxf.exec:\jpdbxxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llvhnh.exec:\llvhnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxltn.exec:\fxltn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhtflbr.exec:\vhtflbr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdpbfjn.exec:\xdpbfjn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdvhn.exec:\jppdvhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhdxfd.exec:\xhdxfd.exe17⤵
- Executes dropped EXE
-
\??\c:\hjdrhv.exec:\hjdrhv.exe18⤵
- Executes dropped EXE
-
\??\c:\hlvhxv.exec:\hlvhxv.exe19⤵
- Executes dropped EXE
-
\??\c:\tbfvxvx.exec:\tbfvxvx.exe20⤵
- Executes dropped EXE
-
\??\c:\nvjppvh.exec:\nvjppvh.exe21⤵
- Executes dropped EXE
-
\??\c:\hrhdfn.exec:\hrhdfn.exe22⤵
- Executes dropped EXE
-
\??\c:\jrvfr.exec:\jrvfr.exe23⤵
- Executes dropped EXE
-
\??\c:\hnljl.exec:\hnljl.exe24⤵
- Executes dropped EXE
-
\??\c:\npjph.exec:\npjph.exe25⤵
- Executes dropped EXE
-
\??\c:\pbdphbb.exec:\pbdphbb.exe26⤵
- Executes dropped EXE
-
\??\c:\tttth.exec:\tttth.exe27⤵
- Executes dropped EXE
-
\??\c:\fbntf.exec:\fbntf.exe28⤵
- Executes dropped EXE
-
\??\c:\tttlrtv.exec:\tttlrtv.exe29⤵
- Executes dropped EXE
-
\??\c:\xpdnv.exec:\xpdnv.exe30⤵
- Executes dropped EXE
-
\??\c:\xbrfnbh.exec:\xbrfnbh.exe31⤵
- Executes dropped EXE
-
\??\c:\vhlbdld.exec:\vhlbdld.exe32⤵
- Executes dropped EXE
-
\??\c:\xnpjbpp.exec:\xnpjbpp.exe33⤵
- Executes dropped EXE
-
\??\c:\fhdpvf.exec:\fhdpvf.exe34⤵
- Executes dropped EXE
-
\??\c:\fbndp.exec:\fbndp.exe35⤵
- Executes dropped EXE
-
\??\c:\tnffd.exec:\tnffd.exe36⤵
- Executes dropped EXE
-
\??\c:\lljdrd.exec:\lljdrd.exe37⤵
- Executes dropped EXE
-
\??\c:\xplxd.exec:\xplxd.exe38⤵
- Executes dropped EXE
-
\??\c:\ddpjxn.exec:\ddpjxn.exe39⤵
- Executes dropped EXE
-
\??\c:\hnvhr.exec:\hnvhr.exe40⤵
- Executes dropped EXE
-
\??\c:\lrrnrpt.exec:\lrrnrpt.exe41⤵
- Executes dropped EXE
-
\??\c:\jjnrb.exec:\jjnrb.exe42⤵
- Executes dropped EXE
-
\??\c:\xfhhlh.exec:\xfhhlh.exe43⤵
- Executes dropped EXE
-
\??\c:\lnttxdr.exec:\lnttxdr.exe44⤵
- Executes dropped EXE
-
\??\c:\hhlhl.exec:\hhlhl.exe45⤵
- Executes dropped EXE
-
\??\c:\txdlrhf.exec:\txdlrhf.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjfl.exec:\dvjfl.exe47⤵
- Executes dropped EXE
-
\??\c:\tlprr.exec:\tlprr.exe48⤵
- Executes dropped EXE
-
\??\c:\brntvjn.exec:\brntvjn.exe49⤵
- Executes dropped EXE
-
\??\c:\blhlv.exec:\blhlv.exe50⤵
- Executes dropped EXE
-
\??\c:\bhjbpv.exec:\bhjbpv.exe51⤵
- Executes dropped EXE
-
\??\c:\htltrff.exec:\htltrff.exe52⤵
- Executes dropped EXE
-
\??\c:\lxnrbj.exec:\lxnrbj.exe53⤵
- Executes dropped EXE
-
\??\c:\rfnpbn.exec:\rfnpbn.exe54⤵
- Executes dropped EXE
-
\??\c:\prxnld.exec:\prxnld.exe55⤵
- Executes dropped EXE
-
\??\c:\hnvrbrp.exec:\hnvrbrp.exe56⤵
- Executes dropped EXE
-
\??\c:\vjpnpnr.exec:\vjpnpnr.exe57⤵
- Executes dropped EXE
-
\??\c:\jppxpdl.exec:\jppxpdl.exe58⤵
- Executes dropped EXE
-
\??\c:\fpntl.exec:\fpntl.exe59⤵
- Executes dropped EXE
-
\??\c:\txntd.exec:\txntd.exe60⤵
- Executes dropped EXE
-
\??\c:\bfffl.exec:\bfffl.exe61⤵
- Executes dropped EXE
-
\??\c:\bppbxn.exec:\bppbxn.exe62⤵
- Executes dropped EXE
-
\??\c:\hjbpvp.exec:\hjbpvp.exe63⤵
- Executes dropped EXE
-
\??\c:\xpdvp.exec:\xpdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\hffjfbr.exec:\hffjfbr.exe65⤵
- Executes dropped EXE
-
\??\c:\vbvnpt.exec:\vbvnpt.exe66⤵
-
\??\c:\rvtxvn.exec:\rvtxvn.exe67⤵
-
\??\c:\nblbnv.exec:\nblbnv.exe68⤵
-
\??\c:\jfvxj.exec:\jfvxj.exe69⤵
-
\??\c:\fhnbxf.exec:\fhnbxf.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rbppj.exec:\rbppj.exe71⤵
-
\??\c:\dbttl.exec:\dbttl.exe72⤵
-
\??\c:\rvbbdn.exec:\rvbbdn.exe73⤵
-
\??\c:\fftltj.exec:\fftltj.exe74⤵
-
\??\c:\vrtld.exec:\vrtld.exe75⤵
-
\??\c:\dtdfvr.exec:\dtdfvr.exe76⤵
-
\??\c:\vndftxf.exec:\vndftxf.exe77⤵
-
\??\c:\vhxjtbf.exec:\vhxjtbf.exe78⤵
-
\??\c:\bnbjlx.exec:\bnbjlx.exe79⤵
-
\??\c:\dtfrpf.exec:\dtfrpf.exe80⤵
-
\??\c:\phpptdd.exec:\phpptdd.exe81⤵
-
\??\c:\vpfhbvj.exec:\vpfhbvj.exe82⤵
-
\??\c:\pvbtbf.exec:\pvbtbf.exe83⤵
-
\??\c:\ndrlhhx.exec:\ndrlhhx.exe84⤵
-
\??\c:\xnpxrfd.exec:\xnpxrfd.exe85⤵
-
\??\c:\rvrjl.exec:\rvrjl.exe86⤵
-
\??\c:\nbbnv.exec:\nbbnv.exe87⤵
-
\??\c:\blfrfx.exec:\blfrfx.exe88⤵
-
\??\c:\dtnrxjx.exec:\dtnrxjx.exe89⤵
-
\??\c:\hvhxdlb.exec:\hvhxdlb.exe90⤵
-
\??\c:\jvhfn.exec:\jvhfn.exe91⤵
-
\??\c:\xvbpp.exec:\xvbpp.exe92⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rpfnh.exec:\rpfnh.exe93⤵
-
\??\c:\nfnbbxv.exec:\nfnbbxv.exe94⤵
-
\??\c:\vbvnxbp.exec:\vbvnxbp.exe95⤵
-
\??\c:\npfvrh.exec:\npfvrh.exe96⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hpnvfrb.exec:\hpnvfrb.exe97⤵
-
\??\c:\ppvnjrr.exec:\ppvnjrr.exe98⤵
-
\??\c:\rfrrrl.exec:\rfrrrl.exe99⤵
-
\??\c:\nfrrt.exec:\nfrrt.exe100⤵
-
\??\c:\frjtpr.exec:\frjtpr.exe101⤵
-
\??\c:\ttrvt.exec:\ttrvt.exe102⤵
-
\??\c:\ttlrhlx.exec:\ttlrhlx.exe103⤵
-
\??\c:\fnfrvrj.exec:\fnfrvrj.exe104⤵
-
\??\c:\pbnhpx.exec:\pbnhpx.exe105⤵
-
\??\c:\jtbnt.exec:\jtbnt.exe106⤵
-
\??\c:\dhppjp.exec:\dhppjp.exe107⤵
-
\??\c:\jdnnnhv.exec:\jdnnnhv.exe108⤵
-
\??\c:\xfbjffv.exec:\xfbjffv.exe109⤵
-
\??\c:\xvhvp.exec:\xvhvp.exe110⤵
-
\??\c:\ffprltt.exec:\ffprltt.exe111⤵
-
\??\c:\phhdhh.exec:\phhdhh.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vhdnt.exec:\vhdnt.exe113⤵
-
\??\c:\brdjnff.exec:\brdjnff.exe114⤵
-
\??\c:\ndfvp.exec:\ndfvp.exe115⤵
-
\??\c:\nbndvtf.exec:\nbndvtf.exe116⤵
-
\??\c:\nxdxfj.exec:\nxdxfj.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hvfhdhr.exec:\hvfhdhr.exe118⤵
-
\??\c:\rnlphxx.exec:\rnlphxx.exe119⤵
-
\??\c:\nxpnxhn.exec:\nxpnxhn.exe120⤵
-
\??\c:\btdxnx.exec:\btdxnx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-