Analysis
-
max time kernel
120s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 09:01
General
-
Target
551ca38b20b40d7c1beb309677f2a466981067d27846c447094edb0fa3f7a779.exe
-
Size
456KB
-
MD5
67ede20ca1951016d4d3d533898ccecb
-
SHA1
c0dd03efcc764e463019c7ac6365a38bc000e098
-
SHA256
551ca38b20b40d7c1beb309677f2a466981067d27846c447094edb0fa3f7a779
-
SHA512
3a2b9d95bcd4d2080ce4bc8c357b3db884980dbddee0df17ac66c6f58596cbeeb3af48b91d7b0048ad8bc09c4bb0bcc74ecef556e9e65f2e1b5e7f9243c9cc8c
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbelE:q7Tc2NYHUrAwfMp3CDq
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\551ca38b20b40d7c1beb309677f2a466981067d27846c447094edb0fa3f7a779.exe"C:\Users\Admin\AppData\Local\Temp\551ca38b20b40d7c1beb309677f2a466981067d27846c447094edb0fa3f7a779.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpxhn.exec:\vpxhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhvnrp.exec:\fhvnrp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffpp.exec:\rffpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxnpt.exec:\rxnpt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxnvtd.exec:\rxnvtd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftdlh.exec:\ftdlh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdnnfpj.exec:\vdnnfpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljbfxtd.exec:\ljbfxtd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlvb.exec:\rrxlvb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbvdft.exec:\nbvdft.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdfn.exec:\vvdfn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlbhfh.exec:\dlbhfh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdbnbtl.exec:\vdbnbtl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfbjj.exec:\vfbjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtjtnvb.exec:\rtjtnvb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrrxv.exec:\jrrxv.exe17⤵
- Executes dropped EXE
-
\??\c:\ltflf.exec:\ltflf.exe18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fvrxt.exec:\fvrxt.exe19⤵
- Executes dropped EXE
-
\??\c:\hjxffx.exec:\hjxffx.exe20⤵
- Executes dropped EXE
-
\??\c:\tbhjj.exec:\tbhjj.exe21⤵
- Executes dropped EXE
-
\??\c:\jftnn.exec:\jftnn.exe22⤵
- Executes dropped EXE
-
\??\c:\ddnxfpj.exec:\ddnxfpj.exe23⤵
- Executes dropped EXE
-
\??\c:\fllddtx.exec:\fllddtx.exe24⤵
- Executes dropped EXE
-
\??\c:\lnfpv.exec:\lnfpv.exe25⤵
- Executes dropped EXE
-
\??\c:\tbbdf.exec:\tbbdf.exe26⤵
- Executes dropped EXE
-
\??\c:\hvnrj.exec:\hvnrj.exe27⤵
- Executes dropped EXE
-
\??\c:\jrnnx.exec:\jrnnx.exe28⤵
- Executes dropped EXE
-
\??\c:\bjlrxx.exec:\bjlrxx.exe29⤵
- Executes dropped EXE
-
\??\c:\bpdlx.exec:\bpdlx.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jpprtbx.exec:\jpprtbx.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dtnnbt.exec:\dtnnbt.exe32⤵
- Executes dropped EXE
-
\??\c:\txjbrf.exec:\txjbrf.exe33⤵
- Executes dropped EXE
-
\??\c:\rnphnd.exec:\rnphnd.exe34⤵
- Executes dropped EXE
-
\??\c:\vbdtbn.exec:\vbdtbn.exe35⤵
- Executes dropped EXE
-
\??\c:\rdpxvbt.exec:\rdpxvbt.exe36⤵
- Executes dropped EXE
-
\??\c:\dnvrnvb.exec:\dnvrnvb.exe37⤵
- Executes dropped EXE
-
\??\c:\bdtxffn.exec:\bdtxffn.exe38⤵
- Executes dropped EXE
-
\??\c:\rdtrt.exec:\rdtrt.exe39⤵
- Executes dropped EXE
-
\??\c:\hvrdh.exec:\hvrdh.exe40⤵
- Executes dropped EXE
-
\??\c:\dhdrj.exec:\dhdrj.exe41⤵
- Executes dropped EXE
-
\??\c:\hlhbj.exec:\hlhbj.exe42⤵
- Executes dropped EXE
-
\??\c:\thtpnh.exec:\thtpnh.exe43⤵
- Executes dropped EXE
-
\??\c:\nprprvp.exec:\nprprvp.exe44⤵
- Executes dropped EXE
-
\??\c:\djntdfj.exec:\djntdfj.exe45⤵
- Executes dropped EXE
-
\??\c:\fdffr.exec:\fdffr.exe46⤵
- Executes dropped EXE
-
\??\c:\djxndn.exec:\djxndn.exe47⤵
- Executes dropped EXE
-
\??\c:\dlnlnt.exec:\dlnlnt.exe48⤵
- Executes dropped EXE
-
\??\c:\fbfltfr.exec:\fbfltfr.exe49⤵
- Executes dropped EXE
-
\??\c:\xxhxb.exec:\xxhxb.exe50⤵
- Executes dropped EXE
-
\??\c:\phrtj.exec:\phrtj.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rrnnpvn.exec:\rrnnpvn.exe52⤵
- Executes dropped EXE
-
\??\c:\vtlnb.exec:\vtlnb.exe53⤵
- Executes dropped EXE
-
\??\c:\thlnlxr.exec:\thlnlxr.exe54⤵
- Executes dropped EXE
-
\??\c:\ltxfxdd.exec:\ltxfxdd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrdbb.exec:\xrdbb.exe56⤵
- Executes dropped EXE
-
\??\c:\ljjtn.exec:\ljjtn.exe57⤵
- Executes dropped EXE
-
\??\c:\jfnnlr.exec:\jfnnlr.exe58⤵
- Executes dropped EXE
-
\??\c:\xhlxl.exec:\xhlxl.exe59⤵
- Executes dropped EXE
-
\??\c:\xtndn.exec:\xtndn.exe60⤵
- Executes dropped EXE
-
\??\c:\nnfvb.exec:\nnfvb.exe61⤵
- Executes dropped EXE
-
\??\c:\ltbddnt.exec:\ltbddnt.exe62⤵
- Executes dropped EXE
-
\??\c:\bbxtb.exec:\bbxtb.exe63⤵
- Executes dropped EXE
-
\??\c:\rjvppd.exec:\rjvppd.exe64⤵
- Executes dropped EXE
-
\??\c:\lxtdb.exec:\lxtdb.exe65⤵
- Executes dropped EXE
-
\??\c:\blbjp.exec:\blbjp.exe66⤵
-
\??\c:\fblbb.exec:\fblbb.exe67⤵
-
\??\c:\ndjdl.exec:\ndjdl.exe68⤵
-
\??\c:\nbndlh.exec:\nbndlh.exe69⤵
-
\??\c:\hdxdx.exec:\hdxdx.exe70⤵
-
\??\c:\dfbjxj.exec:\dfbjxj.exe71⤵
-
\??\c:\dfxdhbl.exec:\dfxdhbl.exe72⤵
-
\??\c:\rtvvt.exec:\rtvvt.exe73⤵
-
\??\c:\rjfndv.exec:\rjfndv.exe74⤵
-
\??\c:\jpnpvbb.exec:\jpnpvbb.exe75⤵
-
\??\c:\vjlpnh.exec:\vjlpnh.exe76⤵
-
\??\c:\nnljvpv.exec:\nnljvpv.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jnxjx.exec:\jnxjx.exe78⤵
-
\??\c:\xbptrn.exec:\xbptrn.exe79⤵
-
\??\c:\hnhtlj.exec:\hnhtlj.exe80⤵
-
\??\c:\fpxjp.exec:\fpxjp.exe81⤵
-
\??\c:\jpxjb.exec:\jpxjb.exe82⤵
-
\??\c:\bbrpjnl.exec:\bbrpjnl.exe83⤵
-
\??\c:\jvfvtlp.exec:\jvfvtlp.exe84⤵
-
\??\c:\ppfnb.exec:\ppfnb.exe85⤵
-
\??\c:\vnrbtvl.exec:\vnrbtvl.exe86⤵
-
\??\c:\fjlpfpb.exec:\fjlpfpb.exe87⤵
-
\??\c:\drfdfn.exec:\drfdfn.exe88⤵
-
\??\c:\tndtjvf.exec:\tndtjvf.exe89⤵
-
\??\c:\bjvnnj.exec:\bjvnnj.exe90⤵
-
\??\c:\rhjnph.exec:\rhjnph.exe91⤵
-
\??\c:\tpfdll.exec:\tpfdll.exe92⤵
-
\??\c:\fnlnv.exec:\fnlnv.exe93⤵
-
\??\c:\rnbnr.exec:\rnbnr.exe94⤵
-
\??\c:\nprbpb.exec:\nprbpb.exe95⤵
-
\??\c:\jhndrr.exec:\jhndrr.exe96⤵
-
\??\c:\fxvvn.exec:\fxvvn.exe97⤵
-
\??\c:\dnjlb.exec:\dnjlb.exe98⤵
-
\??\c:\dvfvh.exec:\dvfvh.exe99⤵
-
\??\c:\ttfbvrv.exec:\ttfbvrv.exe100⤵
-
\??\c:\jvbxrbb.exec:\jvbxrbb.exe101⤵
-
\??\c:\ftvrxjv.exec:\ftvrxjv.exe102⤵
-
\??\c:\rvrtr.exec:\rvrtr.exe103⤵
-
\??\c:\njvprl.exec:\njvprl.exe104⤵
-
\??\c:\dnbnxb.exec:\dnbnxb.exe105⤵
-
\??\c:\fltvnrh.exec:\fltvnrh.exe106⤵
-
\??\c:\ftbtx.exec:\ftbtx.exe107⤵
-
\??\c:\tbvdhrt.exec:\tbvdhrt.exe108⤵
-
\??\c:\fjjbtpr.exec:\fjjbtpr.exe109⤵
-
\??\c:\vtvxtnh.exec:\vtvxtnh.exe110⤵
-
\??\c:\ddhvr.exec:\ddhvr.exe111⤵
-
\??\c:\xfldfxp.exec:\xfldfxp.exe112⤵
-
\??\c:\jrlxpnp.exec:\jrlxpnp.exe113⤵
-
\??\c:\htftfp.exec:\htftfp.exe114⤵
-
\??\c:\rjlfjf.exec:\rjlfjf.exe115⤵
-
\??\c:\rtnvp.exec:\rtnvp.exe116⤵
-
\??\c:\pttjx.exec:\pttjx.exe117⤵
-
\??\c:\rfrhx.exec:\rfrhx.exe118⤵
-
\??\c:\xtnvp.exec:\xtnvp.exe119⤵
-
\??\c:\ffxlhd.exec:\ffxlhd.exe120⤵
-
\??\c:\dtplr.exec:\dtplr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-