Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26/12/2024, 07:07
General
-
Target
bd701f5de0b7b5bfa06088d76f868e944858a57141b977d0e079836635037f6f.exe
-
Size
54KB
-
MD5
b811c51873a98c783ac102140f14a5db
-
SHA1
d2e5683d0e1771ce6b79a952bb3c410cd15e4651
-
SHA256
bd701f5de0b7b5bfa06088d76f868e944858a57141b977d0e079836635037f6f
-
SHA512
69c42f8c50f39d15ef79033152e6fa27d246859b2d1c56d1a680e7b4f1dfb92755b0d63bdb824622d345f3e28117fa078b77d506b7313419d351fce3d59b50b3
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlNJV2:0cdpeeBSHHMHLf9RyIET2
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd701f5de0b7b5bfa06088d76f868e944858a57141b977d0e079836635037f6f.exe"C:\Users\Admin\AppData\Local\Temp\bd701f5de0b7b5bfa06088d76f868e944858a57141b977d0e079836635037f6f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflfff.exec:\xfflfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthhh.exec:\nnthhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxrxrl.exec:\5xxrxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnhb.exec:\nbnnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllfr.exec:\rrrllfr.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfxlr.exec:\lxlfxlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnnbh.exec:\9hnnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrllf.exec:\rxxrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhhn.exec:\7tbhhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpjd.exec:\5vpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrffrf.exec:\rlrffrf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxxrx.exec:\1rxxxrx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttnn.exec:\nnttnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvd.exec:\dvdvd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhbt.exec:\hbnhbt.exe23⤵
- Executes dropped EXE
-
\??\c:\htbtnb.exec:\htbtnb.exe24⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\frrfrlx.exec:\frrfrlx.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\hntthb.exec:\hntthb.exe28⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrfllx.exec:\xrrfllx.exe30⤵
- Executes dropped EXE
-
\??\c:\bhtnnh.exec:\bhtnnh.exe31⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe32⤵
- Executes dropped EXE
-
\??\c:\ffxxlrl.exec:\ffxxlrl.exe33⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\btthbt.exec:\btthbt.exe35⤵
- Executes dropped EXE
-
\??\c:\3dvpp.exec:\3dvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\rlrlfxl.exec:\rlrlfxl.exe37⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe38⤵
- Executes dropped EXE
-
\??\c:\7tnhbb.exec:\7tnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe40⤵
- Executes dropped EXE
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe41⤵
- Executes dropped EXE
-
\??\c:\3lffxxr.exec:\3lffxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\bbnhbb.exec:\bbnhbb.exe43⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe44⤵
- Executes dropped EXE
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\5xfrfxx.exec:\5xfrfxx.exe46⤵
- Executes dropped EXE
-
\??\c:\5hhnnh.exec:\5hhnnh.exe47⤵
- Executes dropped EXE
-
\??\c:\3jdvj.exec:\3jdvj.exe48⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\xxfxxff.exec:\xxfxxff.exe50⤵
- Executes dropped EXE
-
\??\c:\7nnhhn.exec:\7nnhhn.exe51⤵
- Executes dropped EXE
-
\??\c:\djpvp.exec:\djpvp.exe52⤵
- Executes dropped EXE
-
\??\c:\xlxxxxr.exec:\xlxxxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\nhttbt.exec:\nhttbt.exe55⤵
- Executes dropped EXE
-
\??\c:\htbthb.exec:\htbthb.exe56⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe57⤵
- Executes dropped EXE
-
\??\c:\rrxrlrr.exec:\rrxrlrr.exe58⤵
- Executes dropped EXE
-
\??\c:\xxrlrrf.exec:\xxrlrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\7nnntt.exec:\7nnntt.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhhbt.exec:\hhhhbt.exe61⤵
- Executes dropped EXE
-
\??\c:\9vppj.exec:\9vppj.exe62⤵
- Executes dropped EXE
-
\??\c:\lxffxfx.exec:\lxffxfx.exe63⤵
- Executes dropped EXE
-
\??\c:\lrxxrff.exec:\lrxxrff.exe64⤵
- Executes dropped EXE
-
\??\c:\tthbtn.exec:\tthbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe66⤵
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe67⤵
-
\??\c:\ntbbth.exec:\ntbbth.exe68⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe69⤵
-
\??\c:\jjppp.exec:\jjppp.exe70⤵
-
\??\c:\1fxrlff.exec:\1fxrlff.exe71⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe72⤵
-
\??\c:\rxrrlrr.exec:\rxrrlrr.exe73⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe74⤵
-
\??\c:\bntnhn.exec:\bntnhn.exe75⤵
-
\??\c:\jpppd.exec:\jpppd.exe76⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe77⤵
-
\??\c:\rlxfrxr.exec:\rlxfrxr.exe78⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe79⤵
-
\??\c:\bbtnhb.exec:\bbtnhb.exe80⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe81⤵
-
\??\c:\1llfxll.exec:\1llfxll.exe82⤵
-
\??\c:\7bbnhh.exec:\7bbnhh.exe83⤵
-
\??\c:\httnbb.exec:\httnbb.exe84⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe85⤵
-
\??\c:\fxxxxrr.exec:\fxxxxrr.exe86⤵
-
\??\c:\llrlrlr.exec:\llrlrlr.exe87⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe88⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe89⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe90⤵
-
\??\c:\9rrllxx.exec:\9rrllxx.exe91⤵
-
\??\c:\hhtnnh.exec:\hhtnnh.exe92⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe93⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe94⤵
-
\??\c:\rrrllxx.exec:\rrrllxx.exe95⤵
-
\??\c:\nhhhnb.exec:\nhhhnb.exe96⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe97⤵
-
\??\c:\frllxlr.exec:\frllxlr.exe98⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe99⤵
-
\??\c:\3tttnb.exec:\3tttnb.exe100⤵
-
\??\c:\9pppv.exec:\9pppv.exe101⤵
-
\??\c:\3xrfxrl.exec:\3xrfxrl.exe102⤵
-
\??\c:\xrxxrlf.exec:\xrxxrlf.exe103⤵
-
\??\c:\nbbbbn.exec:\nbbbbn.exe104⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe105⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe106⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe107⤵
-
\??\c:\lfrfrfr.exec:\lfrfrfr.exe108⤵
-
\??\c:\htbttt.exec:\htbttt.exe109⤵
-
\??\c:\jddpd.exec:\jddpd.exe110⤵
-
\??\c:\jddvj.exec:\jddvj.exe111⤵
-
\??\c:\5lfxrlx.exec:\5lfxrlx.exe112⤵
-
\??\c:\xrlxfxx.exec:\xrlxfxx.exe113⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe114⤵
-
\??\c:\pppdp.exec:\pppdp.exe115⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe116⤵
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe117⤵
-
\??\c:\thhnnb.exec:\thhnnb.exe118⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe119⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe120⤵
-
\??\c:\frxlflf.exec:\frxlflf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-