Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
20-01-2025 09:04
General
-
Target
1821c84c1caa70d90b5ea715dcf3d3e40f3e69e8424dbd9b091debbb62e9cda9N.exe
-
Size
455KB
-
MD5
63735d0109649ba5a13d48129ba5c330
-
SHA1
d594f5e63043be232c1989e88b866e6f8ac79d31
-
SHA256
1821c84c1caa70d90b5ea715dcf3d3e40f3e69e8424dbd9b091debbb62e9cda9
-
SHA512
ce5602b3bd7857190572092a1f611449ea96300176920a53008386b4865c870be247cd5e5d1c9b501b9c57be35fe66d014b130ee88d3ab672d02c70701d9121b
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbec:q7Tc2NYHUrAwfMp3CDc
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1821c84c1caa70d90b5ea715dcf3d3e40f3e69e8424dbd9b091debbb62e9cda9N.exe"C:\Users\Admin\AppData\Local\Temp\1821c84c1caa70d90b5ea715dcf3d3e40f3e69e8424dbd9b091debbb62e9cda9N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvrr.exec:\jdvrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhjnl.exec:\bhjnl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhflxh.exec:\nhflxh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtnxtf.exec:\dtnxtf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdbjrd.exec:\jdbjrd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxnlf.exec:\jxnlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttprhl.exec:\ttprhl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrddh.exec:\rrddh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhlbt.exec:\rhlbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thltxtr.exec:\thltxtr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txflp.exec:\txflp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtlbr.exec:\jtlbr.exe13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dbbldpp.exec:\dbbldpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxdjv.exec:\lxdjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdbvb.exec:\hdbvb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdtltj.exec:\bdtltj.exe17⤵
- Executes dropped EXE
-
\??\c:\ptbph.exec:\ptbph.exe18⤵
- Executes dropped EXE
-
\??\c:\lvrvhx.exec:\lvrvhx.exe19⤵
- Executes dropped EXE
-
\??\c:\ddpdlb.exec:\ddpdlb.exe20⤵
- Executes dropped EXE
-
\??\c:\djvlt.exec:\djvlt.exe21⤵
- Executes dropped EXE
-
\??\c:\plxbtlp.exec:\plxbtlp.exe22⤵
- Executes dropped EXE
-
\??\c:\njltp.exec:\njltp.exe23⤵
- Executes dropped EXE
-
\??\c:\vltrnbh.exec:\vltrnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\fpxhb.exec:\fpxhb.exe25⤵
- Executes dropped EXE
-
\??\c:\drpxdb.exec:\drpxdb.exe26⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pfhhvrn.exec:\pfhhvrn.exe27⤵
- Executes dropped EXE
-
\??\c:\ptrtdx.exec:\ptrtdx.exe28⤵
- Executes dropped EXE
-
\??\c:\lndtxtt.exec:\lndtxtt.exe29⤵
- Executes dropped EXE
-
\??\c:\vvjpx.exec:\vvjpx.exe30⤵
- Executes dropped EXE
-
\??\c:\rprxn.exec:\rprxn.exe31⤵
- Executes dropped EXE
-
\??\c:\vffdhlp.exec:\vffdhlp.exe32⤵
- Executes dropped EXE
-
\??\c:\lrphrrt.exec:\lrphrrt.exe33⤵
- Executes dropped EXE
-
\??\c:\nrntb.exec:\nrntb.exe34⤵
- Executes dropped EXE
-
\??\c:\bttnf.exec:\bttnf.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bdjxdtd.exec:\bdjxdtd.exe36⤵
- Executes dropped EXE
-
\??\c:\fnxlrhl.exec:\fnxlrhl.exe37⤵
- Executes dropped EXE
-
\??\c:\tvljtjt.exec:\tvljtjt.exe38⤵
- Executes dropped EXE
-
\??\c:\pfdfhrd.exec:\pfdfhrd.exe39⤵
- Executes dropped EXE
-
\??\c:\lblhhrp.exec:\lblhhrp.exe40⤵
- Executes dropped EXE
-
\??\c:\jdbhfl.exec:\jdbhfl.exe41⤵
- Executes dropped EXE
-
\??\c:\jdtpl.exec:\jdtpl.exe42⤵
- Executes dropped EXE
-
\??\c:\vdpjvp.exec:\vdpjvp.exe43⤵
- Executes dropped EXE
-
\??\c:\xvvpbr.exec:\xvvpbr.exe44⤵
- Executes dropped EXE
-
\??\c:\hdffjxf.exec:\hdffjxf.exe45⤵
- Executes dropped EXE
-
\??\c:\fdvjpt.exec:\fdvjpt.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fbbddr.exec:\fbbddr.exe47⤵
- Executes dropped EXE
-
\??\c:\jtvrf.exec:\jtvrf.exe48⤵
- Executes dropped EXE
-
\??\c:\rnjvhfp.exec:\rnjvhfp.exe49⤵
- Executes dropped EXE
-
\??\c:\pfxtrh.exec:\pfxtrh.exe50⤵
- Executes dropped EXE
-
\??\c:\thhjjbh.exec:\thhjjbh.exe51⤵
- Executes dropped EXE
-
\??\c:\bhlbvx.exec:\bhlbvx.exe52⤵
- Executes dropped EXE
-
\??\c:\hjvjdbh.exec:\hjvjdbh.exe53⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe54⤵
- Executes dropped EXE
-
\??\c:\lnhft.exec:\lnhft.exe55⤵
- Executes dropped EXE
-
\??\c:\rdtdx.exec:\rdtdx.exe56⤵
- Executes dropped EXE
-
\??\c:\llptr.exec:\llptr.exe57⤵
- Executes dropped EXE
-
\??\c:\tnrjv.exec:\tnrjv.exe58⤵
- Executes dropped EXE
-
\??\c:\dhpnpt.exec:\dhpnpt.exe59⤵
- Executes dropped EXE
-
\??\c:\hdfhhlx.exec:\hdfhhlx.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\trnpj.exec:\trnpj.exe61⤵
- Executes dropped EXE
-
\??\c:\rpppd.exec:\rpppd.exe62⤵
- Executes dropped EXE
-
\??\c:\nbtnnnn.exec:\nbtnnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\dbjhvb.exec:\dbjhvb.exe64⤵
- Executes dropped EXE
-
\??\c:\phfjpx.exec:\phfjpx.exe65⤵
- Executes dropped EXE
-
\??\c:\dltdjtp.exec:\dltdjtp.exe66⤵
-
\??\c:\rvxhjft.exec:\rvxhjft.exe67⤵
-
\??\c:\trvpbtv.exec:\trvpbtv.exe68⤵
-
\??\c:\xnpltf.exec:\xnpltf.exe69⤵
-
\??\c:\nbnbvf.exec:\nbnbvf.exe70⤵
-
\??\c:\tbhjjlt.exec:\tbhjjlt.exe71⤵
-
\??\c:\xlpddpd.exec:\xlpddpd.exe72⤵
-
\??\c:\rxphd.exec:\rxphd.exe73⤵
-
\??\c:\vfldrb.exec:\vfldrb.exe74⤵
-
\??\c:\ntdlfxr.exec:\ntdlfxr.exe75⤵
-
\??\c:\jltrpl.exec:\jltrpl.exe76⤵
-
\??\c:\vtdpl.exec:\vtdpl.exe77⤵
-
\??\c:\pdnrtx.exec:\pdnrtx.exe78⤵
-
\??\c:\hlltdpl.exec:\hlltdpl.exe79⤵
-
\??\c:\tdrtv.exec:\tdrtv.exe80⤵
-
\??\c:\fxjpfj.exec:\fxjpfj.exe81⤵
-
\??\c:\ffnvh.exec:\ffnvh.exe82⤵
-
\??\c:\dnhdj.exec:\dnhdj.exe83⤵
-
\??\c:\hnldtx.exec:\hnldtx.exe84⤵
-
\??\c:\blftx.exec:\blftx.exe85⤵
-
\??\c:\hvrbbbd.exec:\hvrbbbd.exe86⤵
-
\??\c:\vbxfx.exec:\vbxfx.exe87⤵
-
\??\c:\jhbtlb.exec:\jhbtlb.exe88⤵
-
\??\c:\fvvfpt.exec:\fvvfpt.exe89⤵
-
\??\c:\vhdjjd.exec:\vhdjjd.exe90⤵
-
\??\c:\dpvdbj.exec:\dpvdbj.exe91⤵
-
\??\c:\bbdhllx.exec:\bbdhllx.exe92⤵
-
\??\c:\xtpljv.exec:\xtpljv.exe93⤵
-
\??\c:\pddln.exec:\pddln.exe94⤵
-
\??\c:\lrfvhb.exec:\lrfvhb.exe95⤵
-
\??\c:\tnnfh.exec:\tnnfh.exe96⤵
-
\??\c:\tlxth.exec:\tlxth.exe97⤵
-
\??\c:\hrrbvpp.exec:\hrrbvpp.exe98⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vlxnf.exec:\vlxnf.exe99⤵
-
\??\c:\hjdfr.exec:\hjdfr.exe100⤵
-
\??\c:\rvltb.exec:\rvltb.exe101⤵
-
\??\c:\dllnlp.exec:\dllnlp.exe102⤵
-
\??\c:\ltfddh.exec:\ltfddh.exe103⤵
-
\??\c:\bpdhl.exec:\bpdhl.exe104⤵
-
\??\c:\hhjfdv.exec:\hhjfdv.exe105⤵
-
\??\c:\jvffxv.exec:\jvffxv.exe106⤵
-
\??\c:\dlrbb.exec:\dlrbb.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xbnrfdt.exec:\xbnrfdt.exe108⤵
-
\??\c:\fjjtrb.exec:\fjjtrb.exe109⤵
-
\??\c:\bjdxjvp.exec:\bjdxjvp.exe110⤵
-
\??\c:\frjjj.exec:\frjjj.exe111⤵
-
\??\c:\jlxlf.exec:\jlxlf.exe112⤵
-
\??\c:\xvrhbn.exec:\xvrhbn.exe113⤵
-
\??\c:\ttnlntt.exec:\ttnlntt.exe114⤵
-
\??\c:\pnhnvxj.exec:\pnhnvxj.exe115⤵
-
\??\c:\frlxr.exec:\frlxr.exe116⤵
-
\??\c:\xlbdbj.exec:\xlbdbj.exe117⤵
-
\??\c:\xbhxpvf.exec:\xbhxpvf.exe118⤵
-
\??\c:\nvbbfbh.exec:\nvbbfbh.exe119⤵
-
\??\c:\hljddhn.exec:\hljddhn.exe120⤵
-
\??\c:\bhdvl.exec:\bhdvl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-