Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 15:06
General
-
Target
566fa276b1ca49e7de18f0cfc2bad39e6fc8722c457b19841f30d7e05d0ace8fN.exe
-
Size
454KB
-
MD5
6ca2580a1d08c5e5b3d1182cf10cd8e0
-
SHA1
b69acd30f2cd68f673c06d9d739db9fb95aab3b0
-
SHA256
566fa276b1ca49e7de18f0cfc2bad39e6fc8722c457b19841f30d7e05d0ace8f
-
SHA512
ab0d7473a29fe7f30b2de7453ec2815c87fd154b95cd52098a518b1c41b1693719ef6c141b0b0086b72742e62807086ba956f85d7af4e4a3907f0d7be3ccbc46
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeqK:q7Tc2NYHUrAwfMp3CDt
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\566fa276b1ca49e7de18f0cfc2bad39e6fc8722c457b19841f30d7e05d0ace8fN.exe"C:\Users\Admin\AppData\Local\Temp\566fa276b1ca49e7de18f0cfc2bad39e6fc8722c457b19841f30d7e05d0ace8fN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\268462.exec:\268462.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a6020.exec:\a6020.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\602800.exec:\602800.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o244440.exec:\o244440.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrflrr.exec:\lfrflrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e48840.exec:\e48840.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4866440.exec:\4866440.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u244484.exec:\u244484.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frrfxl.exec:\5frrfxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\240000.exec:\240000.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g6446.exec:\g6446.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a2062.exec:\a2062.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrxlrx.exec:\7xrxlrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbnb.exec:\bnbbnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbt.exec:\nnttbt.exe17⤵
- Executes dropped EXE
-
\??\c:\i804006.exec:\i804006.exe18⤵
- Executes dropped EXE
-
\??\c:\64246.exec:\64246.exe19⤵
- Executes dropped EXE
-
\??\c:\k28000.exec:\k28000.exe20⤵
- Executes dropped EXE
-
\??\c:\7pvvj.exec:\7pvvj.exe21⤵
- Executes dropped EXE
-
\??\c:\nhbbbn.exec:\nhbbbn.exe22⤵
- Executes dropped EXE
-
\??\c:\9jdjd.exec:\9jdjd.exe23⤵
- Executes dropped EXE
-
\??\c:\648800.exec:\648800.exe24⤵
- Executes dropped EXE
-
\??\c:\bbntnt.exec:\bbntnt.exe25⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe26⤵
- Executes dropped EXE
-
\??\c:\4246402.exec:\4246402.exe27⤵
- Executes dropped EXE
-
\??\c:\frffllr.exec:\frffllr.exe28⤵
- Executes dropped EXE
-
\??\c:\1djpp.exec:\1djpp.exe29⤵
- Executes dropped EXE
-
\??\c:\xlffffx.exec:\xlffffx.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe31⤵
- Executes dropped EXE
-
\??\c:\6400222.exec:\6400222.exe32⤵
- Executes dropped EXE
-
\??\c:\htbhbh.exec:\htbhbh.exe33⤵
- Executes dropped EXE
-
\??\c:\1lrlrrl.exec:\1lrlrrl.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\646622.exec:\646622.exe35⤵
- Executes dropped EXE
-
\??\c:\80266.exec:\80266.exe36⤵
- Executes dropped EXE
-
\??\c:\xlrrfxx.exec:\xlrrfxx.exe37⤵
- Executes dropped EXE
-
\??\c:\lxrllff.exec:\lxrllff.exe38⤵
- Executes dropped EXE
-
\??\c:\7vjjj.exec:\7vjjj.exe39⤵
- Executes dropped EXE
-
\??\c:\02484.exec:\02484.exe40⤵
- Executes dropped EXE
-
\??\c:\g6822.exec:\g6822.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpdp.exec:\pjpdp.exe42⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe44⤵
- Executes dropped EXE
-
\??\c:\26846.exec:\26846.exe45⤵
- Executes dropped EXE
-
\??\c:\82440.exec:\82440.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\djpvj.exec:\djpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\6466824.exec:\6466824.exe48⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\428460.exec:\428460.exe51⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe52⤵
- Executes dropped EXE
-
\??\c:\68444.exec:\68444.exe53⤵
- Executes dropped EXE
-
\??\c:\rlxrfrx.exec:\rlxrfrx.exe54⤵
- Executes dropped EXE
-
\??\c:\fxrrffx.exec:\fxrrffx.exe55⤵
- Executes dropped EXE
-
\??\c:\86440.exec:\86440.exe56⤵
- Executes dropped EXE
-
\??\c:\htnhhh.exec:\htnhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\u808200.exec:\u808200.exe58⤵
- Executes dropped EXE
-
\??\c:\bntbbb.exec:\bntbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\i028824.exec:\i028824.exe60⤵
- Executes dropped EXE
-
\??\c:\5lxffxl.exec:\5lxffxl.exe61⤵
- Executes dropped EXE
-
\??\c:\o064488.exec:\o064488.exe62⤵
- Executes dropped EXE
-
\??\c:\6026666.exec:\6026666.exe63⤵
- Executes dropped EXE
-
\??\c:\04648.exec:\04648.exe64⤵
- Executes dropped EXE
-
\??\c:\fxfrxxr.exec:\fxfrxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\040044.exec:\040044.exe66⤵
-
\??\c:\m4044.exec:\m4044.exe67⤵
-
\??\c:\3hnhht.exec:\3hnhht.exe68⤵
-
\??\c:\806440.exec:\806440.exe69⤵
-
\??\c:\u244000.exec:\u244000.exe70⤵
-
\??\c:\0800262.exec:\0800262.exe71⤵
-
\??\c:\bntttn.exec:\bntttn.exe72⤵
-
\??\c:\djdjp.exec:\djdjp.exe73⤵
-
\??\c:\u804222.exec:\u804222.exe74⤵
-
\??\c:\202266.exec:\202266.exe75⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe76⤵
-
\??\c:\46822.exec:\46822.exe77⤵
-
\??\c:\4682826.exec:\4682826.exe78⤵
-
\??\c:\02844.exec:\02844.exe79⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe80⤵
-
\??\c:\e64446.exec:\e64446.exe81⤵
-
\??\c:\o422262.exec:\o422262.exe82⤵
-
\??\c:\86884.exec:\86884.exe83⤵
-
\??\c:\a4622.exec:\a4622.exe84⤵
-
\??\c:\5nbbnh.exec:\5nbbnh.exe85⤵
-
\??\c:\08446.exec:\08446.exe86⤵
-
\??\c:\q02888.exec:\q02888.exe87⤵
-
\??\c:\q46288.exec:\q46288.exe88⤵
-
\??\c:\flllxxr.exec:\flllxxr.exe89⤵
-
\??\c:\64002.exec:\64002.exe90⤵
-
\??\c:\00802.exec:\00802.exe91⤵
-
\??\c:\60460.exec:\60460.exe92⤵
-
\??\c:\6466228.exec:\6466228.exe93⤵
-
\??\c:\1vdjp.exec:\1vdjp.exe94⤵
-
\??\c:\262286.exec:\262286.exe95⤵
-
\??\c:\202828.exec:\202828.exe96⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe97⤵
-
\??\c:\8206884.exec:\8206884.exe98⤵
- System Location Discovery: System Language Discovery
-
\??\c:\htbbhn.exec:\htbbhn.exe99⤵
-
\??\c:\46222.exec:\46222.exe100⤵
-
\??\c:\i462224.exec:\i462224.exe101⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe102⤵
-
\??\c:\w86682.exec:\w86682.exe103⤵
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe104⤵
-
\??\c:\pvddj.exec:\pvddj.exe105⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe106⤵
-
\??\c:\08408.exec:\08408.exe107⤵
-
\??\c:\jdddp.exec:\jdddp.exe108⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe109⤵
-
\??\c:\k04028.exec:\k04028.exe110⤵
-
\??\c:\86468.exec:\86468.exe111⤵
-
\??\c:\7fllrrr.exec:\7fllrrr.exe112⤵
-
\??\c:\000268.exec:\000268.exe113⤵
-
\??\c:\8620426.exec:\8620426.exe114⤵
-
\??\c:\llxfxrf.exec:\llxfxrf.exe115⤵
-
\??\c:\60802.exec:\60802.exe116⤵
-
\??\c:\u868008.exec:\u868008.exe117⤵
-
\??\c:\608684.exec:\608684.exe118⤵
-
\??\c:\jvpdd.exec:\jvpdd.exe119⤵
-
\??\c:\642840.exec:\642840.exe120⤵
-
\??\c:\tnntbh.exec:\tnntbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-