Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-12-2024 07:07
General
-
Target
bd701f5de0b7b5bfa06088d76f868e944858a57141b977d0e079836635037f6f.exe
-
Size
54KB
-
MD5
b811c51873a98c783ac102140f14a5db
-
SHA1
d2e5683d0e1771ce6b79a952bb3c410cd15e4651
-
SHA256
bd701f5de0b7b5bfa06088d76f868e944858a57141b977d0e079836635037f6f
-
SHA512
69c42f8c50f39d15ef79033152e6fa27d246859b2d1c56d1a680e7b4f1dfb92755b0d63bdb824622d345f3e28117fa078b77d506b7313419d351fce3d59b50b3
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlNJV2:0cdpeeBSHHMHLf9RyIET2
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 52 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd701f5de0b7b5bfa06088d76f868e944858a57141b977d0e079836635037f6f.exe"C:\Users\Admin\AppData\Local\Temp\bd701f5de0b7b5bfa06088d76f868e944858a57141b977d0e079836635037f6f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvv.exec:\vvjvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xflxfl.exec:\1xflxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbhb.exec:\ttbbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttn.exec:\nhtttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvp.exec:\dpdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdvj.exec:\1pdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddj.exec:\ppddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxrll.exec:\rrfxrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtnn.exec:\3tbtnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbt.exec:\hbttbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbbb.exec:\tntbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllffx.exec:\lfllffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrfxf.exec:\rlrrfxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfrrx.exec:\llxfrrx.exe17⤵
- Executes dropped EXE
-
\??\c:\tnbtbn.exec:\tnbtbn.exe18⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe19⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe20⤵
- Executes dropped EXE
-
\??\c:\bthbbt.exec:\bthbbt.exe21⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe22⤵
- Executes dropped EXE
-
\??\c:\xxrfxfl.exec:\xxrfxfl.exe23⤵
- Executes dropped EXE
-
\??\c:\ffrfxfr.exec:\ffrfxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\3thhnh.exec:\3thhnh.exe25⤵
- Executes dropped EXE
-
\??\c:\tthhbh.exec:\tthhbh.exe26⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe27⤵
- Executes dropped EXE
-
\??\c:\rrllrrf.exec:\rrllrrf.exe28⤵
- Executes dropped EXE
-
\??\c:\fxlfffl.exec:\fxlfffl.exe29⤵
- Executes dropped EXE
-
\??\c:\bttbnn.exec:\bttbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe31⤵
- Executes dropped EXE
-
\??\c:\5vjvp.exec:\5vjvp.exe32⤵
- Executes dropped EXE
-
\??\c:\xlflllr.exec:\xlflllr.exe33⤵
- Executes dropped EXE
-
\??\c:\7tnntt.exec:\7tnntt.exe34⤵
- Executes dropped EXE
-
\??\c:\nnthhh.exec:\nnthhh.exe35⤵
- Executes dropped EXE
-
\??\c:\tntttn.exec:\tntttn.exe36⤵
- Executes dropped EXE
-
\??\c:\3ddvv.exec:\3ddvv.exe37⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxffff.exec:\fxxffff.exe39⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe40⤵
- Executes dropped EXE
-
\??\c:\bbhnhb.exec:\bbhnhb.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\9vjdv.exec:\9vjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\xxlfxxl.exec:\xxlfxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\5tbbbt.exec:\5tbbbt.exe45⤵
- Executes dropped EXE
-
\??\c:\7tbhhn.exec:\7tbhhn.exe46⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe47⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlxxxl.exec:\xxlxxxl.exe49⤵
- Executes dropped EXE
-
\??\c:\1bnnhh.exec:\1bnnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\nthttb.exec:\nthttb.exe51⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe52⤵
- Executes dropped EXE
-
\??\c:\1jvvv.exec:\1jvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\fxxrflr.exec:\fxxrflr.exe54⤵
- Executes dropped EXE
-
\??\c:\rrlxffl.exec:\rrlxffl.exe55⤵
- Executes dropped EXE
-
\??\c:\3hhhnn.exec:\3hhhnn.exe56⤵
- Executes dropped EXE
-
\??\c:\7nnbnt.exec:\7nnbnt.exe57⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe58⤵
- Executes dropped EXE
-
\??\c:\5vjjd.exec:\5vjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\fffflrx.exec:\fffflrx.exe60⤵
- Executes dropped EXE
-
\??\c:\llxxxrx.exec:\llxxxrx.exe61⤵
- Executes dropped EXE
-
\??\c:\ttnnbh.exec:\ttnnbh.exe62⤵
- Executes dropped EXE
-
\??\c:\tbnbhn.exec:\tbnbhn.exe63⤵
- Executes dropped EXE
-
\??\c:\3dvdd.exec:\3dvdd.exe64⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe65⤵
- Executes dropped EXE
-
\??\c:\5vpvd.exec:\5vpvd.exe66⤵
-
\??\c:\llxfffx.exec:\llxfffx.exe67⤵
-
\??\c:\9thntn.exec:\9thntn.exe68⤵
-
\??\c:\ttbtbh.exec:\ttbtbh.exe69⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe70⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe71⤵
-
\??\c:\fffflrx.exec:\fffflrx.exe72⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe73⤵
-
\??\c:\bbnbhn.exec:\bbnbhn.exe74⤵
-
\??\c:\1thttb.exec:\1thttb.exe75⤵
-
\??\c:\jdddj.exec:\jdddj.exe76⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe77⤵
-
\??\c:\fxrrxrf.exec:\fxrrxrf.exe78⤵
-
\??\c:\9frrrxf.exec:\9frrrxf.exe79⤵
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe80⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe81⤵
-
\??\c:\1htnnn.exec:\1htnnn.exe82⤵
-
\??\c:\7jdjj.exec:\7jdjj.exe83⤵
-
\??\c:\3pjjp.exec:\3pjjp.exe84⤵
-
\??\c:\1rrrrrf.exec:\1rrrrrf.exe85⤵
-
\??\c:\rrfrxxf.exec:\rrfrxxf.exe86⤵
-
\??\c:\btnttb.exec:\btnttb.exe87⤵
-
\??\c:\bhnbbh.exec:\bhnbbh.exe88⤵
-
\??\c:\1dppp.exec:\1dppp.exe89⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe90⤵
-
\??\c:\1fxxxlr.exec:\1fxxxlr.exe91⤵
-
\??\c:\xrrlxrl.exec:\xrrlxrl.exe92⤵
-
\??\c:\bbntbt.exec:\bbntbt.exe93⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe94⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe95⤵
-
\??\c:\1vvvv.exec:\1vvvv.exe96⤵
-
\??\c:\lfrrffl.exec:\lfrrffl.exe97⤵
-
\??\c:\9xlffff.exec:\9xlffff.exe98⤵
-
\??\c:\7bnhht.exec:\7bnhht.exe99⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe100⤵
-
\??\c:\vppvd.exec:\vppvd.exe101⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe102⤵
-
\??\c:\fxfflll.exec:\fxfflll.exe103⤵
-
\??\c:\ffxxflx.exec:\ffxxflx.exe104⤵
-
\??\c:\5ntttn.exec:\5ntttn.exe105⤵
-
\??\c:\hhntth.exec:\hhntth.exe106⤵
-
\??\c:\tttttt.exec:\tttttt.exe107⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe108⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe109⤵
-
\??\c:\rrxxlrf.exec:\rrxxlrf.exe110⤵
-
\??\c:\xxffllr.exec:\xxffllr.exe111⤵
-
\??\c:\tntttt.exec:\tntttt.exe112⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe113⤵
-
\??\c:\3ntnnt.exec:\3ntnnt.exe114⤵
-
\??\c:\9dppv.exec:\9dppv.exe115⤵
-
\??\c:\pvjvv.exec:\pvjvv.exe116⤵
-
\??\c:\7rllxfl.exec:\7rllxfl.exe117⤵
-
\??\c:\xrfllrx.exec:\xrfllrx.exe118⤵
-
\??\c:\htnbhh.exec:\htnbhh.exe119⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe120⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-