Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-12-2024 00:21
General
-
Target
4b18b00528d5dcddf75e7d16106a481e5ae075ea41d7a423870df78b4ea34549.exe
-
Size
453KB
-
MD5
4f357b27ab9739ac20f13a0830d31c52
-
SHA1
5f6d2b8a05f929bb2efff8b5fde77407ebc2ad95
-
SHA256
4b18b00528d5dcddf75e7d16106a481e5ae075ea41d7a423870df78b4ea34549
-
SHA512
4ccce45b677dd8eddaec2e6fac11b9d7bac08936d903c6cc690fd3034ce6263b75f7843e52492d0c9de98b89c7720bb2ce5554d9b36519882d904bc4c74a1dfe
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeo:q7Tc2NYHUrAwfMp3CDo
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4b18b00528d5dcddf75e7d16106a481e5ae075ea41d7a423870df78b4ea34549.exe"C:\Users\Admin\AppData\Local\Temp\4b18b00528d5dcddf75e7d16106a481e5ae075ea41d7a423870df78b4ea34549.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvd.exec:\ppvvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnht.exec:\7ttnht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjp.exec:\5ppjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnbh.exec:\hbbnbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvd.exec:\dvpvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflrxr.exec:\rlflrxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttbhn.exec:\3ttbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxrrf.exec:\lxrxrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntbb.exec:\hnntbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjpd.exec:\9jjpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frrrlx.exec:\7frrrlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtt.exec:\btbhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxffr.exec:\ffrxffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bttbh.exec:\1bttbh.exe17⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe18⤵
- Executes dropped EXE
-
\??\c:\7thhht.exec:\7thhht.exe19⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe20⤵
- Executes dropped EXE
-
\??\c:\rxllrlr.exec:\rxllrlr.exe21⤵
- Executes dropped EXE
-
\??\c:\5htbhn.exec:\5htbhn.exe22⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe23⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\llxfllx.exec:\llxfllx.exe25⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\rfxfxxf.exec:\rfxfxxf.exe27⤵
- Executes dropped EXE
-
\??\c:\httbtt.exec:\httbtt.exe28⤵
- Executes dropped EXE
-
\??\c:\lrlfrxl.exec:\lrlfrxl.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxxflx.exec:\xrxxflx.exe30⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe31⤵
- Executes dropped EXE
-
\??\c:\vvjpj.exec:\vvjpj.exe32⤵
- Executes dropped EXE
-
\??\c:\5hbhnn.exec:\5hbhnn.exe33⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe35⤵
- Executes dropped EXE
-
\??\c:\ttnbhh.exec:\ttnbhh.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbntb.exec:\nhbntb.exe37⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe38⤵
- Executes dropped EXE
-
\??\c:\llxfrxl.exec:\llxfrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\nbtbnn.exec:\nbtbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\5nbbbh.exec:\5nbbbh.exe41⤵
- Executes dropped EXE
-
\??\c:\pppdp.exec:\pppdp.exe42⤵
- Executes dropped EXE
-
\??\c:\xlrrrxf.exec:\xlrrrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\thtbnn.exec:\thtbnn.exe44⤵
- Executes dropped EXE
-
\??\c:\9hhnbh.exec:\9hhnbh.exe45⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe46⤵
- Executes dropped EXE
-
\??\c:\3tnnbh.exec:\3tnnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\5pppv.exec:\5pppv.exe48⤵
- Executes dropped EXE
-
\??\c:\fxfrxxl.exec:\fxfrxxl.exe49⤵
- Executes dropped EXE
-
\??\c:\bhtbnt.exec:\bhtbnt.exe50⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe51⤵
- Executes dropped EXE
-
\??\c:\5xrlrrr.exec:\5xrlrrr.exe52⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\bnnhhn.exec:\bnnhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxfrxx.exec:\lfxfrxx.exe55⤵
- Executes dropped EXE
-
\??\c:\hhbhht.exec:\hhbhht.exe56⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe57⤵
- Executes dropped EXE
-
\??\c:\rrlxffr.exec:\rrlxffr.exe58⤵
- Executes dropped EXE
-
\??\c:\9rlfxrr.exec:\9rlfxrr.exe59⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe60⤵
- Executes dropped EXE
-
\??\c:\3jjdj.exec:\3jjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\xfxrrll.exec:\xfxrrll.exe62⤵
- Executes dropped EXE
-
\??\c:\tthbtb.exec:\tthbtb.exe63⤵
- Executes dropped EXE
-
\??\c:\djvvd.exec:\djvvd.exe64⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\ffflfrl.exec:\ffflfrl.exe66⤵
-
\??\c:\btbntn.exec:\btbntn.exe67⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe68⤵
-
\??\c:\lxlffxl.exec:\lxlffxl.exe69⤵
-
\??\c:\1rxrrxx.exec:\1rxrrxx.exe70⤵
-
\??\c:\nbtbbt.exec:\nbtbbt.exe71⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe72⤵
-
\??\c:\9frffxf.exec:\9frffxf.exe73⤵
-
\??\c:\7lrxxxx.exec:\7lrxxxx.exe74⤵
-
\??\c:\btbntn.exec:\btbntn.exe75⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe76⤵
-
\??\c:\lrflflr.exec:\lrflflr.exe77⤵
-
\??\c:\lxllllr.exec:\lxllllr.exe78⤵
-
\??\c:\bhbhtb.exec:\bhbhtb.exe79⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe80⤵
-
\??\c:\xrffllx.exec:\xrffllx.exe81⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe82⤵
-
\??\c:\ntnnnn.exec:\ntnnnn.exe83⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe84⤵
-
\??\c:\rrrrrxr.exec:\rrrrrxr.exe85⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe86⤵
-
\??\c:\7jvjj.exec:\7jvjj.exe87⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe88⤵
-
\??\c:\xflxxrr.exec:\xflxxrr.exe89⤵
-
\??\c:\nhtbnh.exec:\nhtbnh.exe90⤵
-
\??\c:\9pdvd.exec:\9pdvd.exe91⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe92⤵
-
\??\c:\llffxrx.exec:\llffxrx.exe93⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe94⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe95⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe96⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe97⤵
-
\??\c:\bhnbth.exec:\bhnbth.exe98⤵
-
\??\c:\pjddj.exec:\pjddj.exe99⤵
-
\??\c:\5vjdd.exec:\5vjdd.exe100⤵
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe101⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe102⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe103⤵
-
\??\c:\frffllx.exec:\frffllx.exe104⤵
-
\??\c:\xrlrrrx.exec:\xrlrrrx.exe105⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe106⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe107⤵
-
\??\c:\frfllll.exec:\frfllll.exe108⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe109⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe110⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe111⤵
-
\??\c:\xrffflr.exec:\xrffflr.exe112⤵
-
\??\c:\bnntbb.exec:\bnntbb.exe113⤵
-
\??\c:\bnbbbt.exec:\bnbbbt.exe114⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe115⤵
-
\??\c:\lxfrxxf.exec:\lxfrxxf.exe116⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe117⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe118⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe119⤵
-
\??\c:\1flffff.exec:\1flffff.exe120⤵
-
\??\c:\frlrflf.exec:\frlrflf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-