Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 01:50
General
-
Target
43c18956538f3fd47aa064c9a4264ad06ca906b8b61cfb30c9aec99e26b3472a.exe
-
Size
453KB
-
MD5
58ff3c78deb7507550c8cc33a2bab2ea
-
SHA1
b415980c795b02e126d7df4787cf6e5fea182549
-
SHA256
43c18956538f3fd47aa064c9a4264ad06ca906b8b61cfb30c9aec99e26b3472a
-
SHA512
2854cc10ef2b0f05e9de90f89e291d73b472f92ebe8381a1110097c313ebc8b7eac34da3d1ce0ea584a4347e8cab099190898bb6b279bd88432cd1369b35c97b
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeU:q7Tc2NYHUrAwfMp3CDU
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43c18956538f3fd47aa064c9a4264ad06ca906b8b61cfb30c9aec99e26b3472a.exe"C:\Users\Admin\AppData\Local\Temp\43c18956538f3fd47aa064c9a4264ad06ca906b8b61cfb30c9aec99e26b3472a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pftbvln.exec:\pftbvln.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npdbfnj.exec:\npdbfnj.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\rbfxhb.exec:\rbfxhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xljfld.exec:\xljfld.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrlnh.exec:\jrlnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhtnt.exec:\jhtnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfjbt.exec:\jfjbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfnlr.exec:\jfnlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trffp.exec:\trffp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljxbvlx.exec:\ljxbvlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnrxfff.exec:\lnrxfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtdjn.exec:\jtdjn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltbjn.exec:\ltbjn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbjfvd.exec:\jbjfvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flvdbvd.exec:\flvdbvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvdrfxx.exec:\nvdrfxx.exe17⤵
- Executes dropped EXE
-
\??\c:\xtdbdv.exec:\xtdbdv.exe18⤵
- Executes dropped EXE
-
\??\c:\jnxnrd.exec:\jnxnrd.exe19⤵
- Executes dropped EXE
-
\??\c:\vldtttb.exec:\vldtttb.exe20⤵
- Executes dropped EXE
-
\??\c:\bbtjl.exec:\bbtjl.exe21⤵
- Executes dropped EXE
-
\??\c:\lthxh.exec:\lthxh.exe22⤵
- Executes dropped EXE
-
\??\c:\tdfvffl.exec:\tdfvffl.exe23⤵
- Executes dropped EXE
-
\??\c:\dbbhtll.exec:\dbbhtll.exe24⤵
- Executes dropped EXE
-
\??\c:\jrrntj.exec:\jrrntj.exe25⤵
- Executes dropped EXE
-
\??\c:\hhdrrd.exec:\hhdrrd.exe26⤵
- Executes dropped EXE
-
\??\c:\dfbbnh.exec:\dfbbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\lxbbb.exec:\lxbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\bhtlf.exec:\bhtlf.exe29⤵
- Executes dropped EXE
-
\??\c:\jbnnn.exec:\jbnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\vrlvj.exec:\vrlvj.exe31⤵
- Executes dropped EXE
-
\??\c:\vvrdt.exec:\vvrdt.exe32⤵
- Executes dropped EXE
-
\??\c:\xhvjl.exec:\xhvjl.exe33⤵
- Executes dropped EXE
-
\??\c:\lvjbbp.exec:\lvjbbp.exe34⤵
- Executes dropped EXE
-
\??\c:\nflpfx.exec:\nflpfx.exe35⤵
- Executes dropped EXE
-
\??\c:\xdjlpp.exec:\xdjlpp.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\plbtt.exec:\plbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\fhpvnj.exec:\fhpvnj.exe38⤵
- Executes dropped EXE
-
\??\c:\lfxlr.exec:\lfxlr.exe39⤵
- Executes dropped EXE
-
\??\c:\tfhbp.exec:\tfhbp.exe40⤵
- Executes dropped EXE
-
\??\c:\fvjbtpj.exec:\fvjbtpj.exe41⤵
- Executes dropped EXE
-
\??\c:\xnddb.exec:\xnddb.exe42⤵
- Executes dropped EXE
-
\??\c:\vtltft.exec:\vtltft.exe43⤵
- Executes dropped EXE
-
\??\c:\ftjjxx.exec:\ftjjxx.exe44⤵
- Executes dropped EXE
-
\??\c:\dvddjn.exec:\dvddjn.exe45⤵
- Executes dropped EXE
-
\??\c:\tlrjhbx.exec:\tlrjhbx.exe46⤵
- Executes dropped EXE
-
\??\c:\llxhlvl.exec:\llxhlvl.exe47⤵
- Executes dropped EXE
-
\??\c:\xvdxntx.exec:\xvdxntx.exe48⤵
- Executes dropped EXE
-
\??\c:\lhxjrb.exec:\lhxjrb.exe49⤵
- Executes dropped EXE
-
\??\c:\tdpftp.exec:\tdpftp.exe50⤵
- Executes dropped EXE
-
\??\c:\nlffv.exec:\nlffv.exe51⤵
- Executes dropped EXE
-
\??\c:\rdfbb.exec:\rdfbb.exe52⤵
- Executes dropped EXE
-
\??\c:\fdxbnh.exec:\fdxbnh.exe53⤵
- Executes dropped EXE
-
\??\c:\phnxfn.exec:\phnxfn.exe54⤵
- Executes dropped EXE
-
\??\c:\hfvtt.exec:\hfvtt.exe55⤵
- Executes dropped EXE
-
\??\c:\rbhpdh.exec:\rbhpdh.exe56⤵
- Executes dropped EXE
-
\??\c:\jprjpxp.exec:\jprjpxp.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nhnfhv.exec:\nhnfhv.exe58⤵
- Executes dropped EXE
-
\??\c:\xpfpvd.exec:\xpfpvd.exe59⤵
- Executes dropped EXE
-
\??\c:\jhbpjjt.exec:\jhbpjjt.exe60⤵
- Executes dropped EXE
-
\??\c:\xbblhj.exec:\xbblhj.exe61⤵
- Executes dropped EXE
-
\??\c:\ppnvr.exec:\ppnvr.exe62⤵
- Executes dropped EXE
-
\??\c:\xdfjx.exec:\xdfjx.exe63⤵
- Executes dropped EXE
-
\??\c:\dbhxxf.exec:\dbhxxf.exe64⤵
- Executes dropped EXE
-
\??\c:\hvlpvn.exec:\hvlpvn.exe65⤵
- Executes dropped EXE
-
\??\c:\frvhtxr.exec:\frvhtxr.exe66⤵
-
\??\c:\tvjfdjn.exec:\tvjfdjn.exe67⤵
-
\??\c:\vxvvprl.exec:\vxvvprl.exe68⤵
-
\??\c:\tbldpx.exec:\tbldpx.exe69⤵
-
\??\c:\rrvfrn.exec:\rrvfrn.exe70⤵
-
\??\c:\vvdvl.exec:\vvdvl.exe71⤵
-
\??\c:\vvffpl.exec:\vvffpl.exe72⤵
-
\??\c:\vllhv.exec:\vllhv.exe73⤵
-
\??\c:\djfbx.exec:\djfbx.exe74⤵
-
\??\c:\fhtvr.exec:\fhtvr.exe75⤵
-
\??\c:\nxnnnpf.exec:\nxnnnpf.exe76⤵
-
\??\c:\tjlrrx.exec:\tjlrrx.exe77⤵
-
\??\c:\llbdndt.exec:\llbdndt.exe78⤵
-
\??\c:\jhvvpr.exec:\jhvvpr.exe79⤵
-
\??\c:\dlnfjj.exec:\dlnfjj.exe80⤵
-
\??\c:\ljdrfvj.exec:\ljdrfvj.exe81⤵
-
\??\c:\rvrnjjr.exec:\rvrnjjr.exe82⤵
-
\??\c:\bdvdvxx.exec:\bdvdvxx.exe83⤵
-
\??\c:\vlbhndp.exec:\vlbhndp.exe84⤵
-
\??\c:\hvrvxl.exec:\hvrvxl.exe85⤵
-
\??\c:\vftnnl.exec:\vftnnl.exe86⤵
-
\??\c:\fvvnr.exec:\fvvnr.exe87⤵
-
\??\c:\bprhxt.exec:\bprhxt.exe88⤵
-
\??\c:\fvjbtdx.exec:\fvjbtdx.exe89⤵
-
\??\c:\djfbnt.exec:\djfbnt.exe90⤵
-
\??\c:\rlppx.exec:\rlppx.exe91⤵
-
\??\c:\dpppnh.exec:\dpppnh.exe92⤵
-
\??\c:\rxhbvh.exec:\rxhbvh.exe93⤵
-
\??\c:\vnpddlp.exec:\vnpddlp.exe94⤵
-
\??\c:\jpjnvl.exec:\jpjnvl.exe95⤵
-
\??\c:\fpptvv.exec:\fpptvv.exe96⤵
-
\??\c:\lrnnvbh.exec:\lrnnvbh.exe97⤵
-
\??\c:\xvtfhbh.exec:\xvtfhbh.exe98⤵
-
\??\c:\xxbxhhl.exec:\xxbxhhl.exe99⤵
-
\??\c:\dxjjtf.exec:\dxjjtf.exe100⤵
-
\??\c:\vrlnjjd.exec:\vrlnjjd.exe101⤵
-
\??\c:\xbrjfr.exec:\xbrjfr.exe102⤵
-
\??\c:\rvrpdb.exec:\rvrpdb.exe103⤵
-
\??\c:\rxpdt.exec:\rxpdt.exe104⤵
-
\??\c:\xtllt.exec:\xtllt.exe105⤵
-
\??\c:\dvbrtn.exec:\dvbrtn.exe106⤵
-
\??\c:\brtpvj.exec:\brtpvj.exe107⤵
-
\??\c:\bhvlvx.exec:\bhvlvx.exe108⤵
-
\??\c:\jbrpl.exec:\jbrpl.exe109⤵
-
\??\c:\txrjn.exec:\txrjn.exe110⤵
-
\??\c:\bjlvj.exec:\bjlvj.exe111⤵
-
\??\c:\jfhll.exec:\jfhll.exe112⤵
-
\??\c:\hhnxbxr.exec:\hhnxbxr.exe113⤵
-
\??\c:\fvnrbtt.exec:\fvnrbtt.exe114⤵
-
\??\c:\ddnxvd.exec:\ddnxvd.exe115⤵
-
\??\c:\lftrttv.exec:\lftrttv.exe116⤵
-
\??\c:\bfhdvrh.exec:\bfhdvrh.exe117⤵
-
\??\c:\vntxddb.exec:\vntxddb.exe118⤵
-
\??\c:\nxtxrpf.exec:\nxtxrpf.exe119⤵
-
\??\c:\lbdnt.exec:\lbdnt.exe120⤵
-
\??\c:\ffvfjpr.exec:\ffvfjpr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-