Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 09:20
General
-
Target
b6c193de6d8744bdc0769f5c8abe2fefefce742fa3be460b1619fa4a8f75b84d.exe
-
Size
454KB
-
MD5
028354d76bfca5b4d8452fd7dad45001
-
SHA1
7f5a15adf340040e323df9c4e43360861f3c5200
-
SHA256
b6c193de6d8744bdc0769f5c8abe2fefefce742fa3be460b1619fa4a8f75b84d
-
SHA512
ce6edfa4d27a6dc8a054b093bb97afceb40da0b01913efff223e5305094cc920f4ec3f9b807eb1458c5c417b01965e7043385aaac8a3b827440dfd2314a2ffa1
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeU:q7Tc2NYHUrAwfMp3CDU
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6c193de6d8744bdc0769f5c8abe2fefefce742fa3be460b1619fa4a8f75b84d.exe"C:\Users\Admin\AppData\Local\Temp\b6c193de6d8744bdc0769f5c8abe2fefefce742fa3be460b1619fa4a8f75b84d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhxvlrv.exec:\bhxvlrv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpttp.exec:\hpttp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthvxll.exec:\bthvxll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dblfdll.exec:\dblfdll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbrpl.exec:\xbrpl.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\djxvfh.exec:\djxvfh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdthbf.exec:\jdthbf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tflbrv.exec:\tflbrv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbxxt.exec:\bbxxt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfnjptp.exec:\tfnjptp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfhpt.exec:\lfhpt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrjd.exec:\rflrjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbdtvvr.exec:\vbdtvvr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brlltlx.exec:\brlltlx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbvbd.exec:\nbnbvbd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbtjp.exec:\fbtjp.exe17⤵
- Executes dropped EXE
-
\??\c:\tdvltxv.exec:\tdvltxv.exe18⤵
- Executes dropped EXE
-
\??\c:\pxbpvnn.exec:\pxbpvnn.exe19⤵
- Executes dropped EXE
-
\??\c:\nhfvjr.exec:\nhfvjr.exe20⤵
- Executes dropped EXE
-
\??\c:\xxrfp.exec:\xxrfp.exe21⤵
- Executes dropped EXE
-
\??\c:\vbfnjpf.exec:\vbfnjpf.exe22⤵
- Executes dropped EXE
-
\??\c:\fnldf.exec:\fnldf.exe23⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rbpvjj.exec:\rbpvjj.exe24⤵
- Executes dropped EXE
-
\??\c:\tjfnpf.exec:\tjfnpf.exe25⤵
- Executes dropped EXE
-
\??\c:\blvrp.exec:\blvrp.exe26⤵
- Executes dropped EXE
-
\??\c:\xrnnb.exec:\xrnnb.exe27⤵
- Executes dropped EXE
-
\??\c:\ftjnt.exec:\ftjnt.exe28⤵
- Executes dropped EXE
-
\??\c:\fvhtvj.exec:\fvhtvj.exe29⤵
- Executes dropped EXE
-
\??\c:\trfhrlr.exec:\trfhrlr.exe30⤵
- Executes dropped EXE
-
\??\c:\lbhrbjf.exec:\lbhrbjf.exe31⤵
- Executes dropped EXE
-
\??\c:\pfdfh.exec:\pfdfh.exe32⤵
- Executes dropped EXE
-
\??\c:\pfhbtfx.exec:\pfhbtfx.exe33⤵
- Executes dropped EXE
-
\??\c:\vnlphx.exec:\vnlphx.exe34⤵
- Executes dropped EXE
-
\??\c:\pdflxp.exec:\pdflxp.exe35⤵
- Executes dropped EXE
-
\??\c:\bhrfvpf.exec:\bhrfvpf.exe36⤵
-
\??\c:\bprlhlr.exec:\bprlhlr.exe37⤵
- Executes dropped EXE
-
\??\c:\bvfjxp.exec:\bvfjxp.exe38⤵
- Executes dropped EXE
-
\??\c:\xhbrthr.exec:\xhbrthr.exe39⤵
- Executes dropped EXE
-
\??\c:\fvxhxdr.exec:\fvxhxdr.exe40⤵
- Executes dropped EXE
-
\??\c:\vnbhhdr.exec:\vnbhhdr.exe41⤵
- Executes dropped EXE
-
\??\c:\fnxrln.exec:\fnxrln.exe42⤵
- Executes dropped EXE
-
\??\c:\fjllxjn.exec:\fjllxjn.exe43⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dfxdv.exec:\dfxdv.exe44⤵
- Executes dropped EXE
-
\??\c:\nrbjrjd.exec:\nrbjrjd.exe45⤵
- Executes dropped EXE
-
\??\c:\pvndbp.exec:\pvndbp.exe46⤵
- Executes dropped EXE
-
\??\c:\rndjdr.exec:\rndjdr.exe47⤵
- Executes dropped EXE
-
\??\c:\jphdn.exec:\jphdn.exe48⤵
- Executes dropped EXE
-
\??\c:\nrlrrbh.exec:\nrlrrbh.exe49⤵
- Executes dropped EXE
-
\??\c:\hnfpnrx.exec:\hnfpnrx.exe50⤵
- Executes dropped EXE
-
\??\c:\xhtbjp.exec:\xhtbjp.exe51⤵
- Executes dropped EXE
-
\??\c:\jjjjlp.exec:\jjjjlp.exe52⤵
- Executes dropped EXE
-
\??\c:\bfvxbn.exec:\bfvxbn.exe53⤵
- Executes dropped EXE
-
\??\c:\xxpvpd.exec:\xxpvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\jjnbpd.exec:\jjnbpd.exe55⤵
- Executes dropped EXE
-
\??\c:\vxrnpf.exec:\vxrnpf.exe56⤵
- Executes dropped EXE
-
\??\c:\xnvtff.exec:\xnvtff.exe57⤵
- Executes dropped EXE
-
\??\c:\lhxnn.exec:\lhxnn.exe58⤵
- Executes dropped EXE
-
\??\c:\dhfvpb.exec:\dhfvpb.exe59⤵
- Executes dropped EXE
-
\??\c:\jrdbbx.exec:\jrdbbx.exe60⤵
- Executes dropped EXE
-
\??\c:\dhtbnpf.exec:\dhtbnpf.exe61⤵
- Executes dropped EXE
-
\??\c:\xfvdnrr.exec:\xfvdnrr.exe62⤵
- Executes dropped EXE
-
\??\c:\lhnvb.exec:\lhnvb.exe63⤵
- Executes dropped EXE
-
\??\c:\jhlfrpd.exec:\jhlfrpd.exe64⤵
- Executes dropped EXE
-
\??\c:\pnthhtj.exec:\pnthhtj.exe65⤵
- Executes dropped EXE
-
\??\c:\rvnxhf.exec:\rvnxhf.exe66⤵
- Executes dropped EXE
-
\??\c:\nbnjfnr.exec:\nbnjfnr.exe67⤵
-
\??\c:\ptjdrdv.exec:\ptjdrdv.exe68⤵
-
\??\c:\fndhhdp.exec:\fndhhdp.exe69⤵
-
\??\c:\tvtxb.exec:\tvtxb.exe70⤵
-
\??\c:\lnbnv.exec:\lnbnv.exe71⤵
-
\??\c:\dvvrbvp.exec:\dvvrbvp.exe72⤵
-
\??\c:\pxhvlbd.exec:\pxhvlbd.exe73⤵
-
\??\c:\xndtpb.exec:\xndtpb.exe74⤵
-
\??\c:\ptbpvb.exec:\ptbpvb.exe75⤵
-
\??\c:\ljnbh.exec:\ljnbh.exe76⤵
-
\??\c:\lrbjb.exec:\lrbjb.exe77⤵
-
\??\c:\rtdtt.exec:\rtdtt.exe78⤵
-
\??\c:\htbpfhp.exec:\htbpfhp.exe79⤵
-
\??\c:\xhtvjb.exec:\xhtvjb.exe80⤵
-
\??\c:\jbnhhxj.exec:\jbnhhxj.exe81⤵
-
\??\c:\ltfrr.exec:\ltfrr.exe82⤵
-
\??\c:\rxhppv.exec:\rxhppv.exe83⤵
-
\??\c:\pddlptp.exec:\pddlptp.exe84⤵
-
\??\c:\jljpbj.exec:\jljpbj.exe85⤵
-
\??\c:\tfxlrdv.exec:\tfxlrdv.exe86⤵
-
\??\c:\jtxrtj.exec:\jtxrtj.exe87⤵
-
\??\c:\lhvfn.exec:\lhvfn.exe88⤵
-
\??\c:\xbxjf.exec:\xbxjf.exe89⤵
-
\??\c:\vnvpjp.exec:\vnvpjp.exe90⤵
-
\??\c:\xdvrbp.exec:\xdvrbp.exe91⤵
-
\??\c:\vrrfnxr.exec:\vrrfnxr.exe92⤵
-
\??\c:\bnjndl.exec:\bnjndl.exe93⤵
-
\??\c:\dfpfbp.exec:\dfpfbp.exe94⤵
-
\??\c:\jlppppx.exec:\jlppppx.exe95⤵
-
\??\c:\nbftl.exec:\nbftl.exe96⤵
-
\??\c:\lprvr.exec:\lprvr.exe97⤵
-
\??\c:\pjrfn.exec:\pjrfn.exe98⤵
-
\??\c:\fjhffvh.exec:\fjhffvh.exe99⤵
-
\??\c:\vbnfj.exec:\vbnfj.exe100⤵
-
\??\c:\pbprx.exec:\pbprx.exe101⤵
-
\??\c:\nrlbnb.exec:\nrlbnb.exe102⤵
-
\??\c:\vvbfn.exec:\vvbfn.exe103⤵
-
\??\c:\fdnthr.exec:\fdnthr.exe104⤵
-
\??\c:\btlnrl.exec:\btlnrl.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbrhvf.exec:\hbrhvf.exe106⤵
-
\??\c:\rtxlb.exec:\rtxlb.exe107⤵
-
\??\c:\jhjfpj.exec:\jhjfpj.exe108⤵
-
\??\c:\jdxpjt.exec:\jdxpjt.exe109⤵
-
\??\c:\lltdlr.exec:\lltdlr.exe110⤵
-
\??\c:\tnhrn.exec:\tnhrn.exe111⤵
-
\??\c:\bxlthr.exec:\bxlthr.exe112⤵
-
\??\c:\ntjlfxp.exec:\ntjlfxp.exe113⤵
-
\??\c:\ffdlxxh.exec:\ffdlxxh.exe114⤵
-
\??\c:\rbltb.exec:\rbltb.exe115⤵
-
\??\c:\nbdrlt.exec:\nbdrlt.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rftxvhn.exec:\rftxvhn.exe117⤵
-
\??\c:\vllrd.exec:\vllrd.exe118⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lxdfdt.exec:\lxdfdt.exe119⤵
-
\??\c:\hjjrxjb.exec:\hjjrxjb.exe120⤵
-
\??\c:\lnjtjj.exec:\lnjtjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-