Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
29/12/2024, 00:23
General
-
Target
6cb5817145e539d8e22d632c146932537bb6f10faaa84ac6f742a64a72af1071.exe
-
Size
911KB
-
MD5
a7c13c67f5de73babde428bc0e05dbf4
-
SHA1
3d8a9529529ec44fc8ab1efa76f28423f6353f8a
-
SHA256
6cb5817145e539d8e22d632c146932537bb6f10faaa84ac6f742a64a72af1071
-
SHA512
6e1a7836076bc960a0d1d204f0cf3e03658ca19aecf1d93ea22601edd7b4f097c869e12dbe42992544c341bf5d9208b87e30dceb4fa2625a97068392da23948c
-
SSDEEP
24576:OY+UB5TsjZ03clghyKm1QgRHYKPUQ4U3yzZy5gFxopB:OUbAjZ035mMOyDFxon
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6cb5817145e539d8e22d632c146932537bb6f10faaa84ac6f742a64a72af1071.exe"C:\Users\Admin\AppData\Local\Temp\6cb5817145e539d8e22d632c146932537bb6f10faaa84ac6f742a64a72af1071.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnh.exec:\nhbtnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbnhh.exec:\9hbnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfrrxl.exec:\3xfrrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxllxl.exec:\flxllxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthb.exec:\tbbthb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlfxl.exec:\llxlfxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbthb.exec:\bhbthb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddpv.exec:\9ddpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbnt.exec:\bbbbnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlrlr.exec:\rfxlrlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthb.exec:\tbbthb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxlf.exec:\xrllxlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvp.exec:\pdjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbthb.exec:\nbbthb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfrlf.exec:\frlfrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthbt.exec:\tnthbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvd.exec:\vjjvd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttthb.exec:\tttthb.exe23⤵
- Executes dropped EXE
-
\??\c:\1rfrffr.exec:\1rfrffr.exe24⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe25⤵
- Executes dropped EXE
-
\??\c:\7fffrrf.exec:\7fffrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\bnthbb.exec:\bnthbb.exe27⤵
- Executes dropped EXE
-
\??\c:\vjdpp.exec:\vjdpp.exe28⤵
- Executes dropped EXE
-
\??\c:\bthbnt.exec:\bthbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\fllfxxr.exec:\fllfxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\btnhhb.exec:\btnhhb.exe31⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\xfrllff.exec:\xfrllff.exe33⤵
- Executes dropped EXE
-
\??\c:\ntnhnn.exec:\ntnhnn.exe34⤵
- Executes dropped EXE
-
\??\c:\1jpjj.exec:\1jpjj.exe35⤵
- Executes dropped EXE
-
\??\c:\rffxrrl.exec:\rffxrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe37⤵
- Executes dropped EXE
-
\??\c:\9dvpv.exec:\9dvpv.exe38⤵
- Executes dropped EXE
-
\??\c:\rfxrffr.exec:\rfxrffr.exe39⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe40⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe41⤵
- Executes dropped EXE
-
\??\c:\fffrlfx.exec:\fffrlfx.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhtnh.exec:\hbhtnh.exe43⤵
- Executes dropped EXE
-
\??\c:\hnnbhb.exec:\hnnbhb.exe44⤵
- Executes dropped EXE
-
\??\c:\xffxrrr.exec:\xffxrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\7hbhbh.exec:\7hbhbh.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe47⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe48⤵
- Executes dropped EXE
-
\??\c:\rlrfxxl.exec:\rlrfxxl.exe49⤵
- Executes dropped EXE
-
\??\c:\tnhbbt.exec:\tnhbbt.exe50⤵
- Executes dropped EXE
-
\??\c:\1xfxrff.exec:\1xfxrff.exe51⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe52⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe53⤵
- Executes dropped EXE
-
\??\c:\5pvpj.exec:\5pvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe55⤵
- Executes dropped EXE
-
\??\c:\fllfflf.exec:\fllfflf.exe56⤵
- Executes dropped EXE
-
\??\c:\3bttbb.exec:\3bttbb.exe57⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\ffrflll.exec:\ffrflll.exe59⤵
- Executes dropped EXE
-
\??\c:\htbthh.exec:\htbthh.exe60⤵
- Executes dropped EXE
-
\??\c:\3ddvp.exec:\3ddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\nhnhhb.exec:\nhnhhb.exe62⤵
- Executes dropped EXE
-
\??\c:\btnbtt.exec:\btnbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\frrfrrl.exec:\frrfrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\7hhbth.exec:\7hhbth.exe65⤵
- Executes dropped EXE
-
\??\c:\pvdpp.exec:\pvdpp.exe66⤵
-
\??\c:\1xrlfxr.exec:\1xrlfxr.exe67⤵
-
\??\c:\tbbhtn.exec:\tbbhtn.exe68⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe69⤵
-
\??\c:\flrlfxr.exec:\flrlfxr.exe70⤵
-
\??\c:\7thbbb.exec:\7thbbb.exe71⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe72⤵
-
\??\c:\flrlfff.exec:\flrlfff.exe73⤵
-
\??\c:\tbtnbt.exec:\tbtnbt.exe74⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe75⤵
-
\??\c:\7rlfxxf.exec:\7rlfxxf.exe76⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9vdvj.exec:\9vdvj.exe78⤵
-
\??\c:\7hhthh.exec:\7hhthh.exe79⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe80⤵
-
\??\c:\lrlrlfx.exec:\lrlrlfx.exe81⤵
-
\??\c:\3jdvp.exec:\3jdvp.exe82⤵
-
\??\c:\5xfxrxr.exec:\5xfxrxr.exe83⤵
-
\??\c:\hnbthb.exec:\hnbthb.exe84⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe86⤵
-
\??\c:\bnnbbt.exec:\bnnbbt.exe87⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe88⤵
-
\??\c:\rrrfxll.exec:\rrrfxll.exe89⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe90⤵
-
\??\c:\flrlfxr.exec:\flrlfxr.exe91⤵
-
\??\c:\nnhttt.exec:\nnhttt.exe92⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe93⤵
-
\??\c:\9xxxrxr.exec:\9xxxrxr.exe94⤵
-
\??\c:\bttnbh.exec:\bttnbh.exe95⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe96⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frlfxrr.exec:\frlfxrr.exe97⤵
-
\??\c:\5htnnn.exec:\5htnnn.exe98⤵
-
\??\c:\frrrlfx.exec:\frrrlfx.exe99⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe100⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe101⤵
-
\??\c:\lrxrffx.exec:\lrxrffx.exe102⤵
-
\??\c:\bnbnnh.exec:\bnbnnh.exe103⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe104⤵
-
\??\c:\rrlfrrf.exec:\rrlfrrf.exe105⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe106⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe107⤵
-
\??\c:\3nbnhh.exec:\3nbnhh.exe108⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe109⤵
-
\??\c:\9rxrllf.exec:\9rxrllf.exe110⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe111⤵
-
\??\c:\jddvp.exec:\jddvp.exe112⤵
-
\??\c:\3rfxllx.exec:\3rfxllx.exe113⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe114⤵
-
\??\c:\3dvpj.exec:\3dvpj.exe115⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe116⤵
-
\??\c:\nnbbbt.exec:\nnbbbt.exe117⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe118⤵
-
\??\c:\3frlfxr.exec:\3frlfxr.exe119⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe120⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-