Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 11:14
General
-
Target
26b7115b9451daed5dd2e3cbfb6f9a14baed6698545be3af2ef42a7a067fb37eN.exe
-
Size
453KB
-
MD5
1401a9b75c79f40df7d54ba8d44cc210
-
SHA1
abfa4f0218aee55d66b5eaf5916a034befeea20b
-
SHA256
26b7115b9451daed5dd2e3cbfb6f9a14baed6698545be3af2ef42a7a067fb37e
-
SHA512
5ee25e7d40a31446a7045bb54434c0271443ac10e7065cb111cccd3826ad9452bdd1d86a609f93fe5b49869d11c343eca3446eb12a03c0e8ee1358467cf131c6
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAben:q7Tc2NYHUrAwfMp3CDn
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\26b7115b9451daed5dd2e3cbfb6f9a14baed6698545be3af2ef42a7a067fb37eN.exe"C:\Users\Admin\AppData\Local\Temp\26b7115b9451daed5dd2e3cbfb6f9a14baed6698545be3af2ef42a7a067fb37eN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jfjpjfx.exec:\jfjpjfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjpdfj.exec:\hjpdfj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptrvxfl.exec:\ptrvxfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlfjjtr.exec:\tlfjjtr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbrjlt.exec:\vbrjlt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htpbjt.exec:\htpbjt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbfxd.exec:\dbfxd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvppdbd.exec:\nvppdbd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdbpt.exec:\fdbpt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnxhd.exec:\fnxhd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdvtp.exec:\hdvtp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbdtrdj.exec:\dbdtrdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfhbld.exec:\vfhbld.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvxnxtj.exec:\fvxnxtj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfdjr.exec:\pfdjr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpdxvbd.exec:\rpdxvbd.exe17⤵
- Executes dropped EXE
-
\??\c:\bfdpx.exec:\bfdpx.exe18⤵
- Executes dropped EXE
-
\??\c:\trxllvr.exec:\trxllvr.exe19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbxndpx.exec:\nbxndpx.exe20⤵
- Executes dropped EXE
-
\??\c:\vvjltv.exec:\vvjltv.exe21⤵
- Executes dropped EXE
-
\??\c:\txbdjdv.exec:\txbdjdv.exe22⤵
- Executes dropped EXE
-
\??\c:\rfnntf.exec:\rfnntf.exe23⤵
- Executes dropped EXE
-
\??\c:\ffnfrjf.exec:\ffnfrjf.exe24⤵
- Executes dropped EXE
-
\??\c:\vdnhtd.exec:\vdnhtd.exe25⤵
- Executes dropped EXE
-
\??\c:\htpnrnj.exec:\htpnrnj.exe26⤵
- Executes dropped EXE
-
\??\c:\rbvjbd.exec:\rbvjbd.exe27⤵
- Executes dropped EXE
-
\??\c:\ndnvh.exec:\ndnvh.exe28⤵
- Executes dropped EXE
-
\??\c:\jdhpr.exec:\jdhpr.exe29⤵
- Executes dropped EXE
-
\??\c:\xdvdtjr.exec:\xdvdtjr.exe30⤵
- Executes dropped EXE
-
\??\c:\rpjvhhr.exec:\rpjvhhr.exe31⤵
- Executes dropped EXE
-
\??\c:\rnnln.exec:\rnnln.exe32⤵
- Executes dropped EXE
-
\??\c:\vfhrv.exec:\vfhrv.exe33⤵
- Executes dropped EXE
-
\??\c:\hnldpf.exec:\hnldpf.exe34⤵
- Executes dropped EXE
-
\??\c:\hntrv.exec:\hntrv.exe35⤵
- Executes dropped EXE
-
\??\c:\jrbrt.exec:\jrbrt.exe36⤵
- Executes dropped EXE
-
\??\c:\ddtxh.exec:\ddtxh.exe37⤵
- Executes dropped EXE
-
\??\c:\fvllxn.exec:\fvllxn.exe38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dpdjt.exec:\dpdjt.exe39⤵
- Executes dropped EXE
-
\??\c:\dnxrxhd.exec:\dnxrxhd.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\llxvfxd.exec:\llxvfxd.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nndnb.exec:\nndnb.exe42⤵
- Executes dropped EXE
-
\??\c:\vhnlh.exec:\vhnlh.exe43⤵
- Executes dropped EXE
-
\??\c:\tdrbb.exec:\tdrbb.exe44⤵
- Executes dropped EXE
-
\??\c:\pjtvvf.exec:\pjtvvf.exe45⤵
- Executes dropped EXE
-
\??\c:\bplhffn.exec:\bplhffn.exe46⤵
- Executes dropped EXE
-
\??\c:\txjtn.exec:\txjtn.exe47⤵
- Executes dropped EXE
-
\??\c:\lblbnt.exec:\lblbnt.exe48⤵
- Executes dropped EXE
-
\??\c:\xhddb.exec:\xhddb.exe49⤵
- Executes dropped EXE
-
\??\c:\tjlfrx.exec:\tjlfrx.exe50⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vtdhp.exec:\vtdhp.exe51⤵
- Executes dropped EXE
-
\??\c:\bbhrxx.exec:\bbhrxx.exe52⤵
- Executes dropped EXE
-
\??\c:\jnlrfbx.exec:\jnlrfbx.exe53⤵
- Executes dropped EXE
-
\??\c:\fvxnlh.exec:\fvxnlh.exe54⤵
- Executes dropped EXE
-
\??\c:\vfdfvdh.exec:\vfdfvdh.exe55⤵
- Executes dropped EXE
-
\??\c:\lnvpvvt.exec:\lnvpvvt.exe56⤵
- Executes dropped EXE
-
\??\c:\ljjhrjb.exec:\ljjhrjb.exe57⤵
- Executes dropped EXE
-
\??\c:\ntnvtdb.exec:\ntnvtdb.exe58⤵
- Executes dropped EXE
-
\??\c:\bvnrn.exec:\bvnrn.exe59⤵
- Executes dropped EXE
-
\??\c:\rtnbp.exec:\rtnbp.exe60⤵
- Executes dropped EXE
-
\??\c:\vrtbh.exec:\vrtbh.exe61⤵
- Executes dropped EXE
-
\??\c:\hvtnvv.exec:\hvtnvv.exe62⤵
- Executes dropped EXE
-
\??\c:\fxthrvb.exec:\fxthrvb.exe63⤵
- Executes dropped EXE
-
\??\c:\frxxnp.exec:\frxxnp.exe64⤵
- Executes dropped EXE
-
\??\c:\jnlvt.exec:\jnlvt.exe65⤵
- Executes dropped EXE
-
\??\c:\xfjdvfv.exec:\xfjdvfv.exe66⤵
-
\??\c:\fvtnhjv.exec:\fvtnhjv.exe67⤵
-
\??\c:\lvpfj.exec:\lvpfj.exe68⤵
-
\??\c:\pjdplr.exec:\pjdplr.exe69⤵
-
\??\c:\jndfbb.exec:\jndfbb.exe70⤵
-
\??\c:\tplvj.exec:\tplvj.exe71⤵
-
\??\c:\jlnxbr.exec:\jlnxbr.exe72⤵
-
\??\c:\bfnbj.exec:\bfnbj.exe73⤵
-
\??\c:\ntvfn.exec:\ntvfn.exe74⤵
-
\??\c:\jjvnnfv.exec:\jjvnnfv.exe75⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe76⤵
-
\??\c:\tprrf.exec:\tprrf.exe77⤵
-
\??\c:\nphhhdv.exec:\nphhhdv.exe78⤵
-
\??\c:\tljfjjp.exec:\tljfjjp.exe79⤵
-
\??\c:\pxdtlfn.exec:\pxdtlfn.exe80⤵
-
\??\c:\vbrjpd.exec:\vbrjpd.exe81⤵
-
\??\c:\vjljb.exec:\vjljb.exe82⤵
-
\??\c:\jvdtp.exec:\jvdtp.exe83⤵
-
\??\c:\vvxfvr.exec:\vvxfvr.exe84⤵
-
\??\c:\ftxxpd.exec:\ftxxpd.exe85⤵
-
\??\c:\pvvpdt.exec:\pvvpdt.exe86⤵
-
\??\c:\vxtnb.exec:\vxtnb.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vxnljx.exec:\vxnljx.exe88⤵
-
\??\c:\nfpjrnj.exec:\nfpjrnj.exe89⤵
-
\??\c:\dpnnbvl.exec:\dpnnbvl.exe90⤵
-
\??\c:\ttlvt.exec:\ttlvt.exe91⤵
-
\??\c:\ffrhjv.exec:\ffrhjv.exe92⤵
-
\??\c:\njhvbvh.exec:\njhvbvh.exe93⤵
-
\??\c:\rxjrv.exec:\rxjrv.exe94⤵
-
\??\c:\trvpvh.exec:\trvpvh.exe95⤵
-
\??\c:\vbhrfph.exec:\vbhrfph.exe96⤵
-
\??\c:\hjtrb.exec:\hjtrb.exe97⤵
-
\??\c:\ffbnh.exec:\ffbnh.exe98⤵
-
\??\c:\vfnrbb.exec:\vfnrbb.exe99⤵
-
\??\c:\rtjbnfv.exec:\rtjbnfv.exe100⤵
-
\??\c:\xdnvxj.exec:\xdnvxj.exe101⤵
-
\??\c:\fpftl.exec:\fpftl.exe102⤵
-
\??\c:\tnjfv.exec:\tnjfv.exe103⤵
-
\??\c:\xnpxh.exec:\xnpxh.exe104⤵
-
\??\c:\ldjrfx.exec:\ldjrfx.exe105⤵
-
\??\c:\vpppxv.exec:\vpppxv.exe106⤵
-
\??\c:\jrptv.exec:\jrptv.exe107⤵
-
\??\c:\rvlblx.exec:\rvlblx.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\phfbfh.exec:\phfbfh.exe109⤵
-
\??\c:\djfvjtn.exec:\djfvjtn.exe110⤵
-
\??\c:\vdpdrl.exec:\vdpdrl.exe111⤵
-
\??\c:\frrdtj.exec:\frrdtj.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tfplv.exec:\tfplv.exe113⤵
-
\??\c:\nnpnxj.exec:\nnpnxj.exe114⤵
-
\??\c:\bfjlrrx.exec:\bfjlrrx.exe115⤵
-
\??\c:\rxtlb.exec:\rxtlb.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fllhhxx.exec:\fllhhxx.exe117⤵
-
\??\c:\tfrfjt.exec:\tfrfjt.exe118⤵
-
\??\c:\jrxlbh.exec:\jrxlbh.exe119⤵
-
\??\c:\vnvrfn.exec:\vnvrfn.exe120⤵
-
\??\c:\xlpdj.exec:\xlpdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-