Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 15:07
General
-
Target
820b4f579308df5d350ce9ccd4ffd11c5106a3599d63ee8aa623fce5d6ae7c63.exe
-
Size
453KB
-
MD5
97feb28f0e447340ec6bf8dd58ba249f
-
SHA1
179b749a42ce30fb49443f3a163dde6c1b541cb1
-
SHA256
820b4f579308df5d350ce9ccd4ffd11c5106a3599d63ee8aa623fce5d6ae7c63
-
SHA512
5e0266f3226adf2ea72e5c1b6379f6bd5751391f23e40a1b9e5a945f7234abd4a46fe11bc7bb306d2245585a209f0f6e7fbbc3c634bbd4c94adb9b778d3b141f
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeN:q7Tc2NYHUrAwfMp3CDN
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\820b4f579308df5d350ce9ccd4ffd11c5106a3599d63ee8aa623fce5d6ae7c63.exe"C:\Users\Admin\AppData\Local\Temp\820b4f579308df5d350ce9ccd4ffd11c5106a3599d63ee8aa623fce5d6ae7c63.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpnbj.exec:\vpnbj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btvvj.exec:\btvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnpxrfr.exec:\jnpxrfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhfnndt.exec:\lhfnndt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnvpt.exec:\bnnvpt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjlph.exec:\rjlph.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvbrb.exec:\rvbrb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjfbxd.exec:\tjfbxd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxlrl.exec:\jxlrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtjr.exec:\thtjr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfbtr.exec:\pfbtr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhppdd.exec:\bhhppdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdvhfjn.exec:\rdvhfjn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjhjxp.exec:\fjhjxp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lttlfv.exec:\lttlfv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxxxrbt.exec:\nxxxrbt.exe17⤵
- Executes dropped EXE
-
\??\c:\rfdtld.exec:\rfdtld.exe18⤵
- Executes dropped EXE
-
\??\c:\ndvfl.exec:\ndvfl.exe19⤵
- Executes dropped EXE
-
\??\c:\rllpv.exec:\rllpv.exe20⤵
- Executes dropped EXE
-
\??\c:\rjbbr.exec:\rjbbr.exe21⤵
- Executes dropped EXE
-
\??\c:\htbnxtf.exec:\htbnxtf.exe22⤵
- Executes dropped EXE
-
\??\c:\vxprxr.exec:\vxprxr.exe23⤵
- Executes dropped EXE
-
\??\c:\dhddhn.exec:\dhddhn.exe24⤵
- Executes dropped EXE
-
\??\c:\tpfrlp.exec:\tpfrlp.exe25⤵
- Executes dropped EXE
-
\??\c:\hpjpndv.exec:\hpjpndv.exe26⤵
- Executes dropped EXE
-
\??\c:\brhdfp.exec:\brhdfp.exe27⤵
- Executes dropped EXE
-
\??\c:\rxvdp.exec:\rxvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\llvll.exec:\llvll.exe29⤵
- Executes dropped EXE
-
\??\c:\xfnhfhx.exec:\xfnhfhx.exe30⤵
- Executes dropped EXE
-
\??\c:\vhdphdx.exec:\vhdphdx.exe31⤵
- Executes dropped EXE
-
\??\c:\rnhbv.exec:\rnhbv.exe32⤵
- Executes dropped EXE
-
\??\c:\lxbbd.exec:\lxbbd.exe33⤵
- Executes dropped EXE
-
\??\c:\btpdv.exec:\btpdv.exe34⤵
- Executes dropped EXE
-
\??\c:\ltphp.exec:\ltphp.exe35⤵
- Executes dropped EXE
-
\??\c:\xrdjd.exec:\xrdjd.exe36⤵
- Executes dropped EXE
-
\??\c:\hhtlx.exec:\hhtlx.exe37⤵
- Executes dropped EXE
-
\??\c:\rbbnlh.exec:\rbbnlh.exe38⤵
- Executes dropped EXE
-
\??\c:\rrxvf.exec:\rrxvf.exe39⤵
- Executes dropped EXE
-
\??\c:\xxttlv.exec:\xxttlv.exe40⤵
- Executes dropped EXE
-
\??\c:\nxnbll.exec:\nxnbll.exe41⤵
- Executes dropped EXE
-
\??\c:\bbvvnv.exec:\bbvvnv.exe42⤵
- Executes dropped EXE
-
\??\c:\ftvbtx.exec:\ftvbtx.exe43⤵
- Executes dropped EXE
-
\??\c:\nrpftx.exec:\nrpftx.exe44⤵
- Executes dropped EXE
-
\??\c:\rvfbp.exec:\rvfbp.exe45⤵
- Executes dropped EXE
-
\??\c:\vvjtpf.exec:\vvjtpf.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rjdxrb.exec:\rjdxrb.exe47⤵
- Executes dropped EXE
-
\??\c:\rhjff.exec:\rhjff.exe48⤵
- Executes dropped EXE
-
\??\c:\rvhvdv.exec:\rvhvdv.exe49⤵
- Executes dropped EXE
-
\??\c:\ptjvtbd.exec:\ptjvtbd.exe50⤵
- Executes dropped EXE
-
\??\c:\tdlrvd.exec:\tdlrvd.exe51⤵
- Executes dropped EXE
-
\??\c:\hrjntjl.exec:\hrjntjl.exe52⤵
- Executes dropped EXE
-
\??\c:\jlbbv.exec:\jlbbv.exe53⤵
- Executes dropped EXE
-
\??\c:\nxlbh.exec:\nxlbh.exe54⤵
- Executes dropped EXE
-
\??\c:\hjnxhnb.exec:\hjnxhnb.exe55⤵
- Executes dropped EXE
-
\??\c:\xhllp.exec:\xhllp.exe56⤵
- Executes dropped EXE
-
\??\c:\jnnfpln.exec:\jnnfpln.exe57⤵
- Executes dropped EXE
-
\??\c:\vhdpjp.exec:\vhdpjp.exe58⤵
- Executes dropped EXE
-
\??\c:\dnbvdnx.exec:\dnbvdnx.exe59⤵
- Executes dropped EXE
-
\??\c:\dpjpbhv.exec:\dpjpbhv.exe60⤵
- Executes dropped EXE
-
\??\c:\frttdb.exec:\frttdb.exe61⤵
- Executes dropped EXE
-
\??\c:\brjrrb.exec:\brjrrb.exe62⤵
- Executes dropped EXE
-
\??\c:\bxpxx.exec:\bxpxx.exe63⤵
- Executes dropped EXE
-
\??\c:\nlvjxtb.exec:\nlvjxtb.exe64⤵
- Executes dropped EXE
-
\??\c:\rlpnl.exec:\rlpnl.exe65⤵
- Executes dropped EXE
-
\??\c:\lltrbb.exec:\lltrbb.exe66⤵
-
\??\c:\hfhtj.exec:\hfhtj.exe67⤵
-
\??\c:\rvxfrl.exec:\rvxfrl.exe68⤵
-
\??\c:\jdlndv.exec:\jdlndv.exe69⤵
-
\??\c:\nnnpltx.exec:\nnnpltx.exe70⤵
-
\??\c:\fhbtrtn.exec:\fhbtrtn.exe71⤵
-
\??\c:\dhtxjb.exec:\dhtxjb.exe72⤵
-
\??\c:\dtvthrv.exec:\dtvthrv.exe73⤵
-
\??\c:\vntrhh.exec:\vntrhh.exe74⤵
-
\??\c:\nhnfbxr.exec:\nhnfbxr.exe75⤵
-
\??\c:\tnndhbr.exec:\tnndhbr.exe76⤵
-
\??\c:\jjftn.exec:\jjftn.exe77⤵
-
\??\c:\pplrxn.exec:\pplrxn.exe78⤵
-
\??\c:\tjtpdv.exec:\tjtpdv.exe79⤵
-
\??\c:\bvvdp.exec:\bvvdp.exe80⤵
-
\??\c:\rvrxjn.exec:\rvrxjn.exe81⤵
-
\??\c:\ltttt.exec:\ltttt.exe82⤵
-
\??\c:\bffvrj.exec:\bffvrj.exe83⤵
-
\??\c:\vjjjvbj.exec:\vjjjvbj.exe84⤵
-
\??\c:\bddrdj.exec:\bddrdj.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bfxbt.exec:\bfxbt.exe86⤵
-
\??\c:\nvjvvj.exec:\nvjvvj.exe87⤵
-
\??\c:\fdtlf.exec:\fdtlf.exe88⤵
-
\??\c:\rtntnx.exec:\rtntnx.exe89⤵
-
\??\c:\tdxvd.exec:\tdxvd.exe90⤵
-
\??\c:\rnnxx.exec:\rnnxx.exe91⤵
-
\??\c:\rlrjld.exec:\rlrjld.exe92⤵
-
\??\c:\rfjvtd.exec:\rfjvtd.exe93⤵
-
\??\c:\hfjjjx.exec:\hfjjjx.exe94⤵
-
\??\c:\llbplr.exec:\llbplr.exe95⤵
-
\??\c:\dllbh.exec:\dllbh.exe96⤵
-
\??\c:\tdvbhx.exec:\tdvbhx.exe97⤵
-
\??\c:\fllblfx.exec:\fllblfx.exe98⤵
-
\??\c:\ltlldhj.exec:\ltlldhj.exe99⤵
-
\??\c:\bvndxl.exec:\bvndxl.exe100⤵
-
\??\c:\jjfhpn.exec:\jjfhpn.exe101⤵
-
\??\c:\pjppbn.exec:\pjppbn.exe102⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rjtdfl.exec:\rjtdfl.exe103⤵
-
\??\c:\jrbdd.exec:\jrbdd.exe104⤵
-
\??\c:\fpflnrr.exec:\fpflnrr.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btvhlnf.exec:\btvhlnf.exe106⤵
-
\??\c:\nbbpl.exec:\nbbpl.exe107⤵
-
\??\c:\lddhn.exec:\lddhn.exe108⤵
-
\??\c:\bfldxlf.exec:\bfldxlf.exe109⤵
-
\??\c:\hnbthb.exec:\hnbthb.exe110⤵
-
\??\c:\dffvrbr.exec:\dffvrbr.exe111⤵
-
\??\c:\drvhf.exec:\drvhf.exe112⤵
-
\??\c:\jlftxb.exec:\jlftxb.exe113⤵
-
\??\c:\nvnxbbj.exec:\nvnxbbj.exe114⤵
-
\??\c:\ptrntf.exec:\ptrntf.exe115⤵
-
\??\c:\rfrvdtf.exec:\rfrvdtf.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\drxbj.exec:\drxbj.exe117⤵
-
\??\c:\vnplvl.exec:\vnplvl.exe118⤵
-
\??\c:\hhvvbdv.exec:\hhvvbdv.exe119⤵
-
\??\c:\nlpdlbj.exec:\nlpdlbj.exe120⤵
-
\??\c:\hvrdvh.exec:\hvrdvh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-