Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/12/2024, 13:07
General
-
Target
b2da9fc1d410876074784f886175152c92eed6409a2f6d6890ad88da52989430.exe
-
Size
79KB
-
MD5
5ca31353af0df933ff43e4068224be68
-
SHA1
67a4c51abfa77f0d9809d5ceaa4f0f96ef707b6a
-
SHA256
b2da9fc1d410876074784f886175152c92eed6409a2f6d6890ad88da52989430
-
SHA512
2c7ff61d758c305cfac5a664f6786a7cca5423704b538bc463ff7ff2009ba01f31dedc1b782c470f3e4d9999c1266201d2faf0e71aa59b420b67cd2f6e0ff2f3
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5bx7DUQeDac7AkE:0cdpeeBSHHMHLf9Rybx7DYec7FE
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 52 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b2da9fc1d410876074784f886175152c92eed6409a2f6d6890ad88da52989430.exe"C:\Users\Admin\AppData\Local\Temp\b2da9fc1d410876074784f886175152c92eed6409a2f6d6890ad88da52989430.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrlr.exec:\rlrrrlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnh.exec:\tnnhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfrrx.exec:\frlfrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxfll.exec:\fxxxfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjp.exec:\vjvjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jddv.exec:\1jddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxllr.exec:\fxfxllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhnh.exec:\nnbhnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtb.exec:\nhbhtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vddd.exec:\1vddd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrxf.exec:\xrrrrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frrxxr.exec:\3frrxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htttt.exec:\5htttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjjv.exec:\7pjjv.exe17⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe18⤵
- Executes dropped EXE
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe19⤵
- Executes dropped EXE
-
\??\c:\9hbbhb.exec:\9hbbhb.exe20⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe21⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe22⤵
- Executes dropped EXE
-
\??\c:\5vvpv.exec:\5vvpv.exe23⤵
- Executes dropped EXE
-
\??\c:\rlxfffr.exec:\rlxfffr.exe24⤵
- Executes dropped EXE
-
\??\c:\5frlxxf.exec:\5frlxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\3hbbhb.exec:\3hbbhb.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhhnn.exec:\nnhhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\5tbhhn.exec:\5tbhhn.exe28⤵
- Executes dropped EXE
-
\??\c:\9xllxff.exec:\9xllxff.exe29⤵
- Executes dropped EXE
-
\??\c:\hhntth.exec:\hhntth.exe30⤵
- Executes dropped EXE
-
\??\c:\tnnhhh.exec:\tnnhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\5dpdd.exec:\5dpdd.exe32⤵
- Executes dropped EXE
-
\??\c:\lfrrffl.exec:\lfrrffl.exe33⤵
- Executes dropped EXE
-
\??\c:\llflxrx.exec:\llflxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\ntntbn.exec:\ntntbn.exe35⤵
- Executes dropped EXE
-
\??\c:\bbtbnn.exec:\bbtbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\lfffrxf.exec:\lfffrxf.exe37⤵
- Executes dropped EXE
-
\??\c:\lflfflr.exec:\lflfflr.exe38⤵
- Executes dropped EXE
-
\??\c:\bnbthb.exec:\bnbthb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvjjp.exec:\vvjjp.exe41⤵
- Executes dropped EXE
-
\??\c:\ffrrlrx.exec:\ffrrlrx.exe42⤵
- Executes dropped EXE
-
\??\c:\7xrrrlr.exec:\7xrrrlr.exe43⤵
- Executes dropped EXE
-
\??\c:\nhthbh.exec:\nhthbh.exe44⤵
- Executes dropped EXE
-
\??\c:\tthbhb.exec:\tthbhb.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe46⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe47⤵
- Executes dropped EXE
-
\??\c:\xxffxxl.exec:\xxffxxl.exe48⤵
- Executes dropped EXE
-
\??\c:\xrrxxfl.exec:\xrrxxfl.exe49⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe51⤵
- Executes dropped EXE
-
\??\c:\9bhttn.exec:\9bhttn.exe52⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe53⤵
- Executes dropped EXE
-
\??\c:\fffffxr.exec:\fffffxr.exe54⤵
- Executes dropped EXE
-
\??\c:\llxxxfl.exec:\llxxxfl.exe55⤵
- Executes dropped EXE
-
\??\c:\hbtbbb.exec:\hbtbbb.exe56⤵
- Executes dropped EXE
-
\??\c:\nnttbb.exec:\nnttbb.exe57⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe58⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe59⤵
- Executes dropped EXE
-
\??\c:\fxffxfr.exec:\fxffxfr.exe60⤵
- Executes dropped EXE
-
\??\c:\rrfrrrx.exec:\rrfrrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\htntbb.exec:\htntbb.exe62⤵
- Executes dropped EXE
-
\??\c:\nnthnn.exec:\nnthnn.exe63⤵
- Executes dropped EXE
-
\??\c:\7dppp.exec:\7dppp.exe64⤵
- Executes dropped EXE
-
\??\c:\3vjjd.exec:\3vjjd.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrlflr.exec:\ffrlflr.exe66⤵
-
\??\c:\1rlllff.exec:\1rlllff.exe67⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe68⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe69⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe70⤵
-
\??\c:\1thttb.exec:\1thttb.exe71⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjddj.exec:\pjddj.exe73⤵
-
\??\c:\7djdd.exec:\7djdd.exe74⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe75⤵
-
\??\c:\7ffllrx.exec:\7ffllrx.exe76⤵
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe77⤵
-
\??\c:\tbntbb.exec:\tbntbb.exe78⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe79⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe80⤵
-
\??\c:\jddjp.exec:\jddjp.exe81⤵
-
\??\c:\llffxxf.exec:\llffxxf.exe82⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nthntt.exec:\nthntt.exe84⤵
-
\??\c:\bbbtbt.exec:\bbbtbt.exe85⤵
-
\??\c:\dvppd.exec:\dvppd.exe86⤵
-
\??\c:\pvppv.exec:\pvppv.exe87⤵
-
\??\c:\1lrrrxf.exec:\1lrrrxf.exe88⤵
-
\??\c:\xxxfrlx.exec:\xxxfrlx.exe89⤵
-
\??\c:\lfflxfr.exec:\lfflxfr.exe90⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe91⤵
-
\??\c:\5hhhnn.exec:\5hhhnn.exe92⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe93⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe94⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe95⤵
-
\??\c:\7lxxfxf.exec:\7lxxfxf.exe96⤵
-
\??\c:\3tbbnn.exec:\3tbbnn.exe97⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe98⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe99⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe100⤵
-
\??\c:\llfxxrf.exec:\llfxxrf.exe101⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe102⤵
-
\??\c:\3nhhnt.exec:\3nhhnt.exe103⤵
-
\??\c:\nthhnn.exec:\nthhnn.exe104⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe105⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe106⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe107⤵
-
\??\c:\7lxllrr.exec:\7lxllrr.exe108⤵
-
\??\c:\1xxfffl.exec:\1xxfffl.exe109⤵
-
\??\c:\9htnnt.exec:\9htnnt.exe110⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe111⤵
-
\??\c:\ttnnnh.exec:\ttnnnh.exe112⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe113⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe114⤵
-
\??\c:\1rxrfxf.exec:\1rxrfxf.exe115⤵
-
\??\c:\llxlllx.exec:\llxlllx.exe116⤵
-
\??\c:\nhntbt.exec:\nhntbt.exe117⤵
-
\??\c:\nnbhhb.exec:\nnbhhb.exe118⤵
-
\??\c:\1pdvd.exec:\1pdvd.exe119⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe120⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-