Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25-12-2024 19:27
General
-
Target
6ada709b13ddf1b6e2b3ab7a682cd49b36f65bbcfe11f11e37421e5b09dcd9aa.exe
-
Size
454KB
-
MD5
3417e432e29d44198908240198612d81
-
SHA1
d7023b8746b50d29167d7775e5a3068f8c6f7bc4
-
SHA256
6ada709b13ddf1b6e2b3ab7a682cd49b36f65bbcfe11f11e37421e5b09dcd9aa
-
SHA512
d1416ca8fa1c907a6a559c0797e3caed6779703ab01f67c525cc144a6c4b563c39717b2cf7ac7dcb847192bacc090f1437dbf0325e84c87d8ed1f639c10511be
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbed:q7Tc2NYHUrAwfMp3CDd
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6ada709b13ddf1b6e2b3ab7a682cd49b36f65bbcfe11f11e37421e5b09dcd9aa.exe"C:\Users\Admin\AppData\Local\Temp\6ada709b13ddf1b6e2b3ab7a682cd49b36f65bbcfe11f11e37421e5b09dcd9aa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhnnj.exec:\hhbhnnj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljljt.exec:\ljljt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbdvx.exec:\rbdvx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjtth.exec:\rjtth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dblhlr.exec:\dblhlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvfdrd.exec:\jpvfdrd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpdtd.exec:\xpdtd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdtxr.exec:\pdtxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhxtx.exec:\vhxtx.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bdjnbht.exec:\bdjnbht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htxhbr.exec:\htxhbr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnxfvj.exec:\jnxfvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfnlldt.exec:\jfnlldt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljfbj.exec:\ljfbj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrbnf.exec:\rrbnf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvnxh.exec:\jvnxh.exe17⤵
- Executes dropped EXE
-
\??\c:\rlvfh.exec:\rlvfh.exe18⤵
- Executes dropped EXE
-
\??\c:\rhjpbvv.exec:\rhjpbvv.exe19⤵
- Executes dropped EXE
-
\??\c:\vjfttl.exec:\vjfttl.exe20⤵
- Executes dropped EXE
-
\??\c:\rttpxx.exec:\rttpxx.exe21⤵
- Executes dropped EXE
-
\??\c:\bndfd.exec:\bndfd.exe22⤵
- Executes dropped EXE
-
\??\c:\dnnxlx.exec:\dnnxlx.exe23⤵
- Executes dropped EXE
-
\??\c:\vjbvtf.exec:\vjbvtf.exe24⤵
- Executes dropped EXE
-
\??\c:\xhfnthj.exec:\xhfnthj.exe25⤵
- Executes dropped EXE
-
\??\c:\hxjdf.exec:\hxjdf.exe26⤵
- Executes dropped EXE
-
\??\c:\rxtdhpx.exec:\rxtdhpx.exe27⤵
- Executes dropped EXE
-
\??\c:\rnnnxv.exec:\rnnnxv.exe28⤵
- Executes dropped EXE
-
\??\c:\tpjbf.exec:\tpjbf.exe29⤵
- Executes dropped EXE
-
\??\c:\lnbxlt.exec:\lnbxlt.exe30⤵
- Executes dropped EXE
-
\??\c:\tbthlp.exec:\tbthlp.exe31⤵
- Executes dropped EXE
-
\??\c:\vhdtrdh.exec:\vhdtrdh.exe32⤵
- Executes dropped EXE
-
\??\c:\hxrtx.exec:\hxrtx.exe33⤵
- Executes dropped EXE
-
\??\c:\xnpdff.exec:\xnpdff.exe34⤵
- Executes dropped EXE
-
\??\c:\fjvpnl.exec:\fjvpnl.exe35⤵
- Executes dropped EXE
-
\??\c:\fhdrnd.exec:\fhdrnd.exe36⤵
- Executes dropped EXE
-
\??\c:\trftv.exec:\trftv.exe37⤵
- Executes dropped EXE
-
\??\c:\bnjbhhn.exec:\bnjbhhn.exe38⤵
- Executes dropped EXE
-
\??\c:\xfrxft.exec:\xfrxft.exe39⤵
- Executes dropped EXE
-
\??\c:\tdjll.exec:\tdjll.exe40⤵
- Executes dropped EXE
-
\??\c:\fpbddxl.exec:\fpbddxl.exe41⤵
- Executes dropped EXE
-
\??\c:\nfhrbfv.exec:\nfhrbfv.exe42⤵
- Executes dropped EXE
-
\??\c:\rxlhn.exec:\rxlhn.exe43⤵
- Executes dropped EXE
-
\??\c:\lxpbx.exec:\lxpbx.exe44⤵
- Executes dropped EXE
-
\??\c:\lrtxrp.exec:\lrtxrp.exe45⤵
- Executes dropped EXE
-
\??\c:\bjdhr.exec:\bjdhr.exe46⤵
- Executes dropped EXE
-
\??\c:\htndjn.exec:\htndjn.exe47⤵
- Executes dropped EXE
-
\??\c:\dndph.exec:\dndph.exe48⤵
- Executes dropped EXE
-
\??\c:\vfpvdxd.exec:\vfpvdxd.exe49⤵
- Executes dropped EXE
-
\??\c:\jpfxfjh.exec:\jpfxfjh.exe50⤵
- Executes dropped EXE
-
\??\c:\hhplv.exec:\hhplv.exe51⤵
- Executes dropped EXE
-
\??\c:\fftnt.exec:\fftnt.exe52⤵
- Executes dropped EXE
-
\??\c:\lvbnprl.exec:\lvbnprl.exe53⤵
- Executes dropped EXE
-
\??\c:\xhvjlrf.exec:\xhvjlrf.exe54⤵
- Executes dropped EXE
-
\??\c:\vptpn.exec:\vptpn.exe55⤵
- Executes dropped EXE
-
\??\c:\fffnnf.exec:\fffnnf.exe56⤵
- Executes dropped EXE
-
\??\c:\xjhjfj.exec:\xjhjfj.exe57⤵
- Executes dropped EXE
-
\??\c:\trtbb.exec:\trtbb.exe58⤵
- Executes dropped EXE
-
\??\c:\nnrdtft.exec:\nnrdtft.exe59⤵
- Executes dropped EXE
-
\??\c:\xvjxx.exec:\xvjxx.exe60⤵
- Executes dropped EXE
-
\??\c:\xbhff.exec:\xbhff.exe61⤵
- Executes dropped EXE
-
\??\c:\pnldrf.exec:\pnldrf.exe62⤵
- Executes dropped EXE
-
\??\c:\ftvvjx.exec:\ftvvjx.exe63⤵
- Executes dropped EXE
-
\??\c:\jjprjx.exec:\jjprjx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbljjb.exec:\hbljjb.exe65⤵
- Executes dropped EXE
-
\??\c:\dbjnxt.exec:\dbjnxt.exe66⤵
-
\??\c:\vltlv.exec:\vltlv.exe67⤵
-
\??\c:\xlxtv.exec:\xlxtv.exe68⤵
-
\??\c:\tdnxv.exec:\tdnxv.exe69⤵
-
\??\c:\rvnrj.exec:\rvnrj.exe70⤵
-
\??\c:\ppvrbp.exec:\ppvrbp.exe71⤵
-
\??\c:\dtxhr.exec:\dtxhr.exe72⤵
-
\??\c:\ljpxvfv.exec:\ljpxvfv.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bnffbrt.exec:\bnffbrt.exe74⤵
-
\??\c:\rxdffh.exec:\rxdffh.exe75⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rldfb.exec:\rldfb.exe76⤵
-
\??\c:\phrvf.exec:\phrvf.exe77⤵
-
\??\c:\djdhrpb.exec:\djdhrpb.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tvhflj.exec:\tvhflj.exe79⤵
-
\??\c:\bxjjd.exec:\bxjjd.exe80⤵
-
\??\c:\hppbd.exec:\hppbd.exe81⤵
-
\??\c:\vdhhvdp.exec:\vdhhvdp.exe82⤵
-
\??\c:\tjphd.exec:\tjphd.exe83⤵
-
\??\c:\rxxff.exec:\rxxff.exe84⤵
-
\??\c:\rbbld.exec:\rbbld.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lvvfbnt.exec:\lvvfbnt.exe86⤵
-
\??\c:\pdrvd.exec:\pdrvd.exe87⤵
-
\??\c:\xnfplr.exec:\xnfplr.exe88⤵
-
\??\c:\vppdfbx.exec:\vppdfbx.exe89⤵
-
\??\c:\prrjpj.exec:\prrjpj.exe90⤵
-
\??\c:\btlpxh.exec:\btlpxh.exe91⤵
-
\??\c:\tdjvll.exec:\tdjvll.exe92⤵
-
\??\c:\pjfxxdp.exec:\pjfxxdp.exe93⤵
-
\??\c:\vxffdp.exec:\vxffdp.exe94⤵
-
\??\c:\nvxfhj.exec:\nvxfhj.exe95⤵
-
\??\c:\nbtdj.exec:\nbtdj.exe96⤵
-
\??\c:\ttfhdt.exec:\ttfhdt.exe97⤵
-
\??\c:\tlfll.exec:\tlfll.exe98⤵
-
\??\c:\dnbxp.exec:\dnbxp.exe99⤵
-
\??\c:\xppnx.exec:\xppnx.exe100⤵
-
\??\c:\pnbhth.exec:\pnbhth.exe101⤵
-
\??\c:\dbfhn.exec:\dbfhn.exe102⤵
-
\??\c:\nhtvrb.exec:\nhtvrb.exe103⤵
-
\??\c:\tnplr.exec:\tnplr.exe104⤵
-
\??\c:\rnrbjhx.exec:\rnrbjhx.exe105⤵
-
\??\c:\fxtpdnf.exec:\fxtpdnf.exe106⤵
-
\??\c:\rffbjp.exec:\rffbjp.exe107⤵
-
\??\c:\nvjnb.exec:\nvjnb.exe108⤵
-
\??\c:\hbddhpr.exec:\hbddhpr.exe109⤵
-
\??\c:\bhjljdb.exec:\bhjljdb.exe110⤵
-
\??\c:\rjhdnxb.exec:\rjhdnxb.exe111⤵
-
\??\c:\nrrnbbr.exec:\nrrnbbr.exe112⤵
-
\??\c:\jnfvpnb.exec:\jnfvpnb.exe113⤵
-
\??\c:\tdxjff.exec:\tdxjff.exe114⤵
-
\??\c:\pjhxdr.exec:\pjhxdr.exe115⤵
-
\??\c:\rdpjfrf.exec:\rdpjfrf.exe116⤵
-
\??\c:\nfhln.exec:\nfhln.exe117⤵
-
\??\c:\hvrbnn.exec:\hvrbnn.exe118⤵
-
\??\c:\trtpnn.exec:\trtpnn.exe119⤵
-
\??\c:\dvbvd.exec:\dvbvd.exe120⤵
-
\??\c:\ddpdnrd.exec:\ddpdnrd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-