Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 08:29
General
-
Target
fc395f47aab22178de06a06c699b65dff797970b8d062a7bac191a4a808212c0.exe
-
Size
453KB
-
MD5
e4c1fa87cd6106e0871ee7aec5a53a56
-
SHA1
500ac3d042b8ff6f0a4f5ca95d2c5a5f60b1f4d5
-
SHA256
fc395f47aab22178de06a06c699b65dff797970b8d062a7bac191a4a808212c0
-
SHA512
37e79e8978aa9c7255d90e1024bd57fb75254bf28174bcc96276f62f3a1ef81f7eac3bedb8c63498441c79b07bfa1c4067dbe540e35d5b7596653c519e06a424
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbep:q7Tc2NYHUrAwfMp3CDp
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc395f47aab22178de06a06c699b65dff797970b8d062a7bac191a4a808212c0.exe"C:\Users\Admin\AppData\Local\Temp\fc395f47aab22178de06a06c699b65dff797970b8d062a7bac191a4a808212c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jfjdv.exec:\jfjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrxhx.exec:\vrxhx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jflrb.exec:\jflrb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrvjltj.exec:\jrvjltj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbxx.exec:\bnbxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bljxl.exec:\bljxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvnvjt.exec:\pvvnvjt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbpdd.exec:\rbpdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfpbf.exec:\jfpbf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tblbld.exec:\tblbld.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drjvlp.exec:\drjvlp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnxrhvd.exec:\xnxrhvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhbdphj.exec:\fhbdphj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvbbr.exec:\rvbbr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvbpt.exec:\rvbpt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fpblbnb.exec:\fpblbnb.exe17⤵
- Executes dropped EXE
-
\??\c:\dnnxvdl.exec:\dnnxvdl.exe18⤵
- Executes dropped EXE
-
\??\c:\vrpfxh.exec:\vrpfxh.exe19⤵
- Executes dropped EXE
-
\??\c:\bfljxb.exec:\bfljxb.exe20⤵
- Executes dropped EXE
-
\??\c:\rxbldhf.exec:\rxbldhf.exe21⤵
- Executes dropped EXE
-
\??\c:\jjffr.exec:\jjffr.exe22⤵
- Executes dropped EXE
-
\??\c:\hfpnvt.exec:\hfpnvt.exe23⤵
- Executes dropped EXE
-
\??\c:\lfvhj.exec:\lfvhj.exe24⤵
- Executes dropped EXE
-
\??\c:\hhtff.exec:\hhtff.exe25⤵
- Executes dropped EXE
-
\??\c:\vhdnntx.exec:\vhdnntx.exe26⤵
- Executes dropped EXE
-
\??\c:\xlfndx.exec:\xlfndx.exe27⤵
- Executes dropped EXE
-
\??\c:\jpnlrdx.exec:\jpnlrdx.exe28⤵
- Executes dropped EXE
-
\??\c:\jbbrrr.exec:\jbbrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\dbnbxfp.exec:\dbnbxfp.exe30⤵
- Executes dropped EXE
-
\??\c:\ndhfbf.exec:\ndhfbf.exe31⤵
- Executes dropped EXE
-
\??\c:\bvxnnjf.exec:\bvxnnjf.exe32⤵
- Executes dropped EXE
-
\??\c:\jlprl.exec:\jlprl.exe33⤵
- Executes dropped EXE
-
\??\c:\xbxxpb.exec:\xbxxpb.exe34⤵
- Executes dropped EXE
-
\??\c:\dnrvbb.exec:\dnrvbb.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hflphl.exec:\hflphl.exe36⤵
- Executes dropped EXE
-
\??\c:\jfrnn.exec:\jfrnn.exe37⤵
- Executes dropped EXE
-
\??\c:\fvbnd.exec:\fvbnd.exe38⤵
- Executes dropped EXE
-
\??\c:\ndtdblt.exec:\ndtdblt.exe39⤵
- Executes dropped EXE
-
\??\c:\hxpbfr.exec:\hxpbfr.exe40⤵
- Executes dropped EXE
-
\??\c:\tbrxtnj.exec:\tbrxtnj.exe41⤵
- Executes dropped EXE
-
\??\c:\xvjjhh.exec:\xvjjhh.exe42⤵
- Executes dropped EXE
-
\??\c:\vpxpn.exec:\vpxpn.exe43⤵
- Executes dropped EXE
-
\??\c:\ltrpfxb.exec:\ltrpfxb.exe44⤵
- Executes dropped EXE
-
\??\c:\flvhjt.exec:\flvhjt.exe45⤵
- Executes dropped EXE
-
\??\c:\vjvjn.exec:\vjvjn.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxnrd.exec:\xxxnrd.exe47⤵
- Executes dropped EXE
-
\??\c:\ljxlfvb.exec:\ljxlfvb.exe48⤵
- Executes dropped EXE
-
\??\c:\prvvj.exec:\prvvj.exe49⤵
- Executes dropped EXE
-
\??\c:\vflrb.exec:\vflrb.exe50⤵
- Executes dropped EXE
-
\??\c:\vbfrxxt.exec:\vbfrxxt.exe51⤵
- Executes dropped EXE
-
\??\c:\vxjbj.exec:\vxjbj.exe52⤵
- Executes dropped EXE
-
\??\c:\pnvjltr.exec:\pnvjltr.exe53⤵
- Executes dropped EXE
-
\??\c:\hdhlpt.exec:\hdhlpt.exe54⤵
- Executes dropped EXE
-
\??\c:\thjpr.exec:\thjpr.exe55⤵
- Executes dropped EXE
-
\??\c:\djjptl.exec:\djjptl.exe56⤵
- Executes dropped EXE
-
\??\c:\frbdjfr.exec:\frbdjfr.exe57⤵
- Executes dropped EXE
-
\??\c:\lllpl.exec:\lllpl.exe58⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe59⤵
- Executes dropped EXE
-
\??\c:\tlfjj.exec:\tlfjj.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xdhdftd.exec:\xdhdftd.exe61⤵
- Executes dropped EXE
-
\??\c:\jjxdrjt.exec:\jjxdrjt.exe62⤵
- Executes dropped EXE
-
\??\c:\rnntbx.exec:\rnntbx.exe63⤵
- Executes dropped EXE
-
\??\c:\fdlnv.exec:\fdlnv.exe64⤵
- Executes dropped EXE
-
\??\c:\trbvrlt.exec:\trbvrlt.exe65⤵
- Executes dropped EXE
-
\??\c:\lvtjjxj.exec:\lvtjjxj.exe66⤵
-
\??\c:\pjjrb.exec:\pjjrb.exe67⤵
-
\??\c:\fvxpf.exec:\fvxpf.exe68⤵
-
\??\c:\vrdpt.exec:\vrdpt.exe69⤵
-
\??\c:\jbbddj.exec:\jbbddj.exe70⤵
-
\??\c:\trvhnr.exec:\trvhnr.exe71⤵
-
\??\c:\rlnxnbp.exec:\rlnxnbp.exe72⤵
-
\??\c:\ptltpl.exec:\ptltpl.exe73⤵
-
\??\c:\nttthr.exec:\nttthr.exe74⤵
-
\??\c:\lprdrx.exec:\lprdrx.exe75⤵
-
\??\c:\prtfhbn.exec:\prtfhbn.exe76⤵
-
\??\c:\jprrp.exec:\jprrp.exe77⤵
-
\??\c:\vdxbrd.exec:\vdxbrd.exe78⤵
-
\??\c:\fpnlvv.exec:\fpnlvv.exe79⤵
-
\??\c:\vxvbphr.exec:\vxvbphr.exe80⤵
-
\??\c:\dhhxxl.exec:\dhhxxl.exe81⤵
-
\??\c:\njxdh.exec:\njxdh.exe82⤵
-
\??\c:\jvrnpf.exec:\jvrnpf.exe83⤵
-
\??\c:\dvnxn.exec:\dvnxn.exe84⤵
-
\??\c:\trrvd.exec:\trrvd.exe85⤵
-
\??\c:\hpbhf.exec:\hpbhf.exe86⤵
-
\??\c:\tfhnfrb.exec:\tfhnfrb.exe87⤵
-
\??\c:\vvntv.exec:\vvntv.exe88⤵
-
\??\c:\jrfrx.exec:\jrfrx.exe89⤵
-
\??\c:\hnlxt.exec:\hnlxt.exe90⤵
-
\??\c:\rjbph.exec:\rjbph.exe91⤵
-
\??\c:\nxthnj.exec:\nxthnj.exe92⤵
-
\??\c:\drpfnh.exec:\drpfnh.exe93⤵
-
\??\c:\dxflnh.exec:\dxflnh.exe94⤵
-
\??\c:\hdbprp.exec:\hdbprp.exe95⤵
-
\??\c:\vdfhr.exec:\vdfhr.exe96⤵
-
\??\c:\lhdbb.exec:\lhdbb.exe97⤵
-
\??\c:\vvpvhb.exec:\vvpvhb.exe98⤵
-
\??\c:\hvrjh.exec:\hvrjh.exe99⤵
-
\??\c:\pbrxxp.exec:\pbrxxp.exe100⤵
-
\??\c:\fdbnxl.exec:\fdbnxl.exe101⤵
-
\??\c:\bbrdnxx.exec:\bbrdnxx.exe102⤵
-
\??\c:\drdnxjv.exec:\drdnxjv.exe103⤵
-
\??\c:\ftjrlx.exec:\ftjrlx.exe104⤵
-
\??\c:\hldhjd.exec:\hldhjd.exe105⤵
-
\??\c:\nbjhb.exec:\nbjhb.exe106⤵
-
\??\c:\rlnvrth.exec:\rlnvrth.exe107⤵
-
\??\c:\ddfnr.exec:\ddfnr.exe108⤵
-
\??\c:\flhtrhr.exec:\flhtrhr.exe109⤵
-
\??\c:\frhxpdh.exec:\frhxpdh.exe110⤵
-
\??\c:\nxthn.exec:\nxthn.exe111⤵
-
\??\c:\bdpbxfb.exec:\bdpbxfb.exe112⤵
-
\??\c:\jfbpvth.exec:\jfbpvth.exe113⤵
-
\??\c:\hbpjr.exec:\hbpjr.exe114⤵
-
\??\c:\ndvhdpb.exec:\ndvhdpb.exe115⤵
-
\??\c:\hrnvl.exec:\hrnvl.exe116⤵
-
\??\c:\bfprv.exec:\bfprv.exe117⤵
-
\??\c:\rldldr.exec:\rldldr.exe118⤵
-
\??\c:\hhhjpdf.exec:\hhhjpdf.exe119⤵
-
\??\c:\nhbptd.exec:\nhbptd.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppjjrdf.exec:\ppjjrdf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-