Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26-12-2024 13:07
General
-
Target
b2da9fc1d410876074784f886175152c92eed6409a2f6d6890ad88da52989430.exe
-
Size
79KB
-
MD5
5ca31353af0df933ff43e4068224be68
-
SHA1
67a4c51abfa77f0d9809d5ceaa4f0f96ef707b6a
-
SHA256
b2da9fc1d410876074784f886175152c92eed6409a2f6d6890ad88da52989430
-
SHA512
2c7ff61d758c305cfac5a664f6786a7cca5423704b538bc463ff7ff2009ba01f31dedc1b782c470f3e4d9999c1266201d2faf0e71aa59b420b67cd2f6e0ff2f3
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5bx7DUQeDac7AkE:0cdpeeBSHHMHLf9Rybx7DYec7FE
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b2da9fc1d410876074784f886175152c92eed6409a2f6d6890ad88da52989430.exe"C:\Users\Admin\AppData\Local\Temp\b2da9fc1d410876074784f886175152c92eed6409a2f6d6890ad88da52989430.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdj.exec:\vppdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfxfx.exec:\lrrfxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrrlf.exec:\lxfrrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhttn.exec:\bbhttn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhttn.exec:\3bhttn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpj.exec:\pvjpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrlfl.exec:\fxfrlfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbnbn.exec:\9hbnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdv.exec:\vdvdv.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\lffflrf.exec:\lffflrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbtth.exec:\5tbtth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhhn.exec:\hhhhhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdj.exec:\9pjdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlxlf.exec:\frxlxlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bthbt.exec:\3bthbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttnnn.exec:\3ttnnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdp.exec:\ppjdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpv.exec:\jjdpv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrxrl.exec:\ffxrxrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvv.exec:\jjdvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllxrl.exec:\flllxrl.exe23⤵
- Executes dropped EXE
-
\??\c:\bthbnh.exec:\bthbnh.exe24⤵
- Executes dropped EXE
-
\??\c:\pdpdv.exec:\pdpdv.exe25⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe26⤵
- Executes dropped EXE
-
\??\c:\xrrlrlf.exec:\xrrlrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\5thtnb.exec:\5thtnb.exe28⤵
- Executes dropped EXE
-
\??\c:\ntnhnh.exec:\ntnhnh.exe29⤵
- Executes dropped EXE
-
\??\c:\dpjvv.exec:\dpjvv.exe30⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\lflxrll.exec:\lflxrll.exe32⤵
- Executes dropped EXE
-
\??\c:\9nhthn.exec:\9nhthn.exe33⤵
- Executes dropped EXE
-
\??\c:\nnhtth.exec:\nnhtth.exe34⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\1ddpd.exec:\1ddpd.exe36⤵
- Executes dropped EXE
-
\??\c:\ffxrxrl.exec:\ffxrxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbntt.exec:\ntbntt.exe38⤵
- Executes dropped EXE
-
\??\c:\bhnhtn.exec:\bhnhtn.exe39⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe40⤵
- Executes dropped EXE
-
\??\c:\9djdp.exec:\9djdp.exe41⤵
- Executes dropped EXE
-
\??\c:\1frfrlf.exec:\1frfrlf.exe42⤵
- Executes dropped EXE
-
\??\c:\7bnhhb.exec:\7bnhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\nthnnn.exec:\nthnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\7ppjv.exec:\7ppjv.exe46⤵
- Executes dropped EXE
-
\??\c:\fxffxxx.exec:\fxffxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe48⤵
- Executes dropped EXE
-
\??\c:\9pjdp.exec:\9pjdp.exe49⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\1xfrlxr.exec:\1xfrlxr.exe51⤵
- Executes dropped EXE
-
\??\c:\bnbbbh.exec:\bnbbbh.exe52⤵
- Executes dropped EXE
-
\??\c:\hthbtn.exec:\hthbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe54⤵
- Executes dropped EXE
-
\??\c:\llrrlff.exec:\llrrlff.exe55⤵
- Executes dropped EXE
-
\??\c:\frfflll.exec:\frfflll.exe56⤵
- Executes dropped EXE
-
\??\c:\nbnnbn.exec:\nbnnbn.exe57⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\pdvdd.exec:\pdvdd.exe59⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe60⤵
- Executes dropped EXE
-
\??\c:\rfffffx.exec:\rfffffx.exe61⤵
- Executes dropped EXE
-
\??\c:\rrrffll.exec:\rrrffll.exe62⤵
- Executes dropped EXE
-
\??\c:\nbbthb.exec:\nbbthb.exe63⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe64⤵
- Executes dropped EXE
-
\??\c:\7vjdp.exec:\7vjdp.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe66⤵
-
\??\c:\lffxffl.exec:\lffxffl.exe67⤵
-
\??\c:\xffrfrf.exec:\xffrfrf.exe68⤵
-
\??\c:\7bhhhb.exec:\7bhhhb.exe69⤵
-
\??\c:\hnhthb.exec:\hnhthb.exe70⤵
-
\??\c:\dppdp.exec:\dppdp.exe71⤵
-
\??\c:\jvpdd.exec:\jvpdd.exe72⤵
-
\??\c:\llfrlxr.exec:\llfrlxr.exe73⤵
-
\??\c:\bhbttt.exec:\bhbttt.exe74⤵
-
\??\c:\bttnbt.exec:\bttnbt.exe75⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe76⤵
-
\??\c:\7pdvv.exec:\7pdvv.exe77⤵
-
\??\c:\rrrrfxr.exec:\rrrrfxr.exe78⤵
-
\??\c:\rfrrxrr.exec:\rfrrxrr.exe79⤵
-
\??\c:\thtthb.exec:\thtthb.exe80⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe81⤵
-
\??\c:\5jvjp.exec:\5jvjp.exe82⤵
-
\??\c:\5ddjv.exec:\5ddjv.exe83⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe84⤵
-
\??\c:\hbhtbt.exec:\hbhtbt.exe85⤵
-
\??\c:\3nnhbt.exec:\3nnhbt.exe86⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe87⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe88⤵
-
\??\c:\vvppj.exec:\vvppj.exe89⤵
-
\??\c:\5fllfff.exec:\5fllfff.exe90⤵
-
\??\c:\lfllffx.exec:\lfllffx.exe91⤵
-
\??\c:\tnttnh.exec:\tnttnh.exe92⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe93⤵
-
\??\c:\jppjv.exec:\jppjv.exe94⤵
-
\??\c:\dppjp.exec:\dppjp.exe95⤵
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe96⤵
-
\??\c:\xflfrrf.exec:\xflfrrf.exe97⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe98⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe99⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe100⤵
-
\??\c:\5llflfl.exec:\5llflfl.exe101⤵
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe102⤵
-
\??\c:\hnhnbb.exec:\hnhnbb.exe103⤵
-
\??\c:\hnnhth.exec:\hnnhth.exe104⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe105⤵
-
\??\c:\fxxlxrl.exec:\fxxlxrl.exe106⤵
-
\??\c:\3lffxxx.exec:\3lffxxx.exe107⤵
-
\??\c:\tnnbhn.exec:\tnnbhn.exe108⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe109⤵
-
\??\c:\9dpdp.exec:\9dpdp.exe110⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe111⤵
-
\??\c:\lfxlrrx.exec:\lfxlrrx.exe112⤵
-
\??\c:\3hhhtb.exec:\3hhhtb.exe113⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe114⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe115⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe116⤵
-
\??\c:\lxrrfxr.exec:\lxrrfxr.exe117⤵
-
\??\c:\9llllrx.exec:\9llllrx.exe118⤵
-
\??\c:\3bthhb.exec:\3bthhb.exe119⤵
-
\??\c:\nnnbnh.exec:\nnnbnh.exe120⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-