Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25-12-2024 17:29
General
-
Target
8d0f96ceddd83aa15ce76fe63c4905bb9fd2382089c3764539a136fe56a3d051.exe
-
Size
453KB
-
MD5
5371c3a06b6d83729c37424b9e530779
-
SHA1
20437b26ae33536fa4a6ed40a3fde9daedf11d4a
-
SHA256
8d0f96ceddd83aa15ce76fe63c4905bb9fd2382089c3764539a136fe56a3d051
-
SHA512
9ce002f23ee512d45eac1003c9fddffef9cf1471771985248d9bc88556099de427362e4e23bbe0d358624570d438384e85229f42bc82417dc86516a4a4b08972
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeV:q7Tc2NYHUrAwfMp3CDV
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8d0f96ceddd83aa15ce76fe63c4905bb9fd2382089c3764539a136fe56a3d051.exe"C:\Users\Admin\AppData\Local\Temp\8d0f96ceddd83aa15ce76fe63c4905bb9fd2382089c3764539a136fe56a3d051.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3pddd.exec:\3pddd.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrf.exec:\xrffrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbttn.exec:\5bbttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvd.exec:\djdvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxll.exec:\lflfxll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnnh.exec:\nbtnnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrrlr.exec:\rfrrrlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbnn.exec:\hbnbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrxl.exec:\xrflrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrxll.exec:\xrrrxll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbb.exec:\htbbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflllll.exec:\rflllll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtntn.exec:\bhtntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrxffx.exec:\lfrxffx.exe18⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe19⤵
- Executes dropped EXE
-
\??\c:\vjpvv.exec:\vjpvv.exe20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\3rxrlfl.exec:\3rxrlfl.exe21⤵
- Executes dropped EXE
-
\??\c:\xlllrxx.exec:\xlllrxx.exe22⤵
- Executes dropped EXE
-
\??\c:\3pjjp.exec:\3pjjp.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrxfxx.exec:\rfrxfxx.exe24⤵
- Executes dropped EXE
-
\??\c:\hthhnh.exec:\hthhnh.exe25⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe26⤵
- Executes dropped EXE
-
\??\c:\frxxffl.exec:\frxxffl.exe27⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxxfff.exec:\ffxxfff.exe29⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe30⤵
- Executes dropped EXE
-
\??\c:\lffrxxf.exec:\lffrxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe32⤵
- Executes dropped EXE
-
\??\c:\frxxfxf.exec:\frxxfxf.exe33⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe34⤵
- Executes dropped EXE
-
\??\c:\llrrffl.exec:\llrrffl.exe35⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe36⤵
- Executes dropped EXE
-
\??\c:\nnhhnt.exec:\nnhhnt.exe37⤵
- Executes dropped EXE
-
\??\c:\9nnbbt.exec:\9nnbbt.exe38⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\rfxffxf.exec:\rfxffxf.exe40⤵
- Executes dropped EXE
-
\??\c:\btbbbt.exec:\btbbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\5nttnn.exec:\5nttnn.exe42⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe43⤵
- Executes dropped EXE
-
\??\c:\llrlrlx.exec:\llrlrlx.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxfrxx.exec:\lfxfrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe46⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe47⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe48⤵
- Executes dropped EXE
-
\??\c:\lfxrlxl.exec:\lfxrlxl.exe49⤵
- Executes dropped EXE
-
\??\c:\tnnhtt.exec:\tnnhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\7xfxlrx.exec:\7xfxlrx.exe53⤵
- Executes dropped EXE
-
\??\c:\ttttth.exec:\ttttth.exe54⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\jpdjj.exec:\jpdjj.exe56⤵
- Executes dropped EXE
-
\??\c:\lxlxrxx.exec:\lxlxrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\xrflrrr.exec:\xrflrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe59⤵
- Executes dropped EXE
-
\??\c:\7vvdd.exec:\7vvdd.exe60⤵
- Executes dropped EXE
-
\??\c:\3djdd.exec:\3djdd.exe61⤵
- Executes dropped EXE
-
\??\c:\flrrxlr.exec:\flrrxlr.exe62⤵
- Executes dropped EXE
-
\??\c:\3bbtbt.exec:\3bbtbt.exe63⤵
- Executes dropped EXE
-
\??\c:\nhnhnh.exec:\nhnhnh.exe64⤵
- Executes dropped EXE
-
\??\c:\dppvd.exec:\dppvd.exe65⤵
- Executes dropped EXE
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe66⤵
-
\??\c:\7rrfflr.exec:\7rrfflr.exe67⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe68⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3ppjj.exec:\3ppjj.exe70⤵
-
\??\c:\fflfxlr.exec:\fflfxlr.exe71⤵
-
\??\c:\bthnnh.exec:\bthnnh.exe72⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe73⤵
-
\??\c:\djppp.exec:\djppp.exe74⤵
-
\??\c:\lfrrxrl.exec:\lfrrxrl.exe75⤵
-
\??\c:\hntbbt.exec:\hntbbt.exe76⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe77⤵
-
\??\c:\3pppd.exec:\3pppd.exe78⤵
-
\??\c:\3frrrrx.exec:\3frrrrx.exe79⤵
-
\??\c:\lfxxflx.exec:\lfxxflx.exe80⤵
-
\??\c:\3hhhtb.exec:\3hhhtb.exe81⤵
-
\??\c:\djjdj.exec:\djjdj.exe82⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe83⤵
-
\??\c:\rlfflrf.exec:\rlfflrf.exe84⤵
-
\??\c:\thttbn.exec:\thttbn.exe85⤵
-
\??\c:\7ntbbh.exec:\7ntbbh.exe86⤵
-
\??\c:\9pjvj.exec:\9pjvj.exe87⤵
-
\??\c:\fxlllff.exec:\fxlllff.exe88⤵
-
\??\c:\1rflrrr.exec:\1rflrrr.exe89⤵
-
\??\c:\9bbttn.exec:\9bbttn.exe90⤵
-
\??\c:\hthttt.exec:\hthttt.exe91⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe92⤵
-
\??\c:\5rfxrrr.exec:\5rfxrrr.exe93⤵
-
\??\c:\1lxrlll.exec:\1lxrlll.exe94⤵
-
\??\c:\hnntbt.exec:\hnntbt.exe95⤵
-
\??\c:\1tnnth.exec:\1tnnth.exe96⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe97⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe98⤵
-
\??\c:\5nnnbt.exec:\5nnnbt.exe99⤵
-
\??\c:\bnbbnh.exec:\bnbbnh.exe100⤵
-
\??\c:\ddppj.exec:\ddppj.exe101⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe102⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe103⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe104⤵
-
\??\c:\thbthh.exec:\thbthh.exe105⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe106⤵
-
\??\c:\rrxffxr.exec:\rrxffxr.exe107⤵
-
\??\c:\5lfrxxx.exec:\5lfrxxx.exe108⤵
-
\??\c:\hhhthn.exec:\hhhthn.exe109⤵
-
\??\c:\1htbtt.exec:\1htbtt.exe110⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe111⤵
-
\??\c:\5pvvp.exec:\5pvvp.exe112⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe113⤵
-
\??\c:\5bhttn.exec:\5bhttn.exe114⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe115⤵
-
\??\c:\djpjj.exec:\djpjj.exe116⤵
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe117⤵
-
\??\c:\3xfflff.exec:\3xfflff.exe118⤵
-
\??\c:\ntbnbb.exec:\ntbnbb.exe119⤵
-
\??\c:\3bnttn.exec:\3bnttn.exe120⤵
-
\??\c:\7jvdj.exec:\7jvdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-