Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
20-01-2025 09:14
General
-
Target
af5db2664a151bcebaac00a6355efaf62fcc4a536103c030c3e4fb94afdb2f9a.exe
-
Size
455KB
-
MD5
4bed566b2149fed0c323bd73e2d77dd4
-
SHA1
49272a9ebcaac02d1aa6ac8950128971b257c473
-
SHA256
af5db2664a151bcebaac00a6355efaf62fcc4a536103c030c3e4fb94afdb2f9a
-
SHA512
ca356614d891875e0d3e71ffd46dae2407f4f3b9a2c9d7271b928ee97c09437c117a44550faf84a375ec223a04ccc6c802feac37360bf3e8d0f8acd4e7ff3dbd
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeU:q7Tc2NYHUrAwfMp3CDU
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\af5db2664a151bcebaac00a6355efaf62fcc4a536103c030c3e4fb94afdb2f9a.exe"C:\Users\Admin\AppData\Local\Temp\af5db2664a151bcebaac00a6355efaf62fcc4a536103c030c3e4fb94afdb2f9a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bpfnppb.exec:\bpfnppb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjblnt.exec:\pjblnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxrvvp.exec:\bxrvvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjfljnh.exec:\pjfljnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlhdt.exec:\xlhdt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nphjdv.exec:\nphjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvdrb.exec:\lvdrb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lthjpxf.exec:\lthjpxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhpf.exec:\nhhpf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxbhfff.exec:\vxbhfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvjbxx.exec:\xvjbxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlfpnr.exec:\jlfpnr.exe13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dpljb.exec:\dpljb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvjxfd.exec:\tvjxfd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrlbxn.exec:\jrlbxn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfbldhj.exec:\vfbldhj.exe17⤵
- Executes dropped EXE
-
\??\c:\fjjpdp.exec:\fjjpdp.exe18⤵
- Executes dropped EXE
-
\??\c:\fxpjp.exec:\fxpjp.exe19⤵
- Executes dropped EXE
-
\??\c:\txlrr.exec:\txlrr.exe20⤵
- Executes dropped EXE
-
\??\c:\jpttddx.exec:\jpttddx.exe21⤵
- Executes dropped EXE
-
\??\c:\rdnth.exec:\rdnth.exe22⤵
- Executes dropped EXE
-
\??\c:\npnvbl.exec:\npnvbl.exe23⤵
- Executes dropped EXE
-
\??\c:\nvfvptb.exec:\nvfvptb.exe24⤵
- Executes dropped EXE
-
\??\c:\nrtrt.exec:\nrtrt.exe25⤵
- Executes dropped EXE
-
\??\c:\hldhx.exec:\hldhx.exe26⤵
- Executes dropped EXE
-
\??\c:\hxvrbtn.exec:\hxvrbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\dhdpl.exec:\dhdpl.exe28⤵
- Executes dropped EXE
-
\??\c:\htrbvtl.exec:\htrbvtl.exe29⤵
- Executes dropped EXE
-
\??\c:\bbhbvdj.exec:\bbhbvdj.exe30⤵
- Executes dropped EXE
-
\??\c:\prnfd.exec:\prnfd.exe31⤵
- Executes dropped EXE
-
\??\c:\tdhlxn.exec:\tdhlxn.exe32⤵
- Executes dropped EXE
-
\??\c:\fbvtd.exec:\fbvtd.exe33⤵
- Executes dropped EXE
-
\??\c:\rrvlvf.exec:\rrvlvf.exe34⤵
- Executes dropped EXE
-
\??\c:\hbthr.exec:\hbthr.exe35⤵
- Executes dropped EXE
-
\??\c:\tvjjvtp.exec:\tvjjvtp.exe36⤵
- Executes dropped EXE
-
\??\c:\nrdfndd.exec:\nrdfndd.exe37⤵
- Executes dropped EXE
-
\??\c:\fxxplf.exec:\fxxplf.exe38⤵
- Executes dropped EXE
-
\??\c:\dbblbx.exec:\dbblbx.exe39⤵
- Executes dropped EXE
-
\??\c:\vlddftj.exec:\vlddftj.exe40⤵
- Executes dropped EXE
-
\??\c:\lfvnth.exec:\lfvnth.exe41⤵
- Executes dropped EXE
-
\??\c:\pfpnbn.exec:\pfpnbn.exe42⤵
- Executes dropped EXE
-
\??\c:\jjhxh.exec:\jjhxh.exe43⤵
- Executes dropped EXE
-
\??\c:\xjrhllt.exec:\xjrhllt.exe44⤵
- Executes dropped EXE
-
\??\c:\tdhrlnt.exec:\tdhrlnt.exe45⤵
- Executes dropped EXE
-
\??\c:\tvlhpd.exec:\tvlhpd.exe46⤵
- Executes dropped EXE
-
\??\c:\vbftrv.exec:\vbftrv.exe47⤵
- Executes dropped EXE
-
\??\c:\jrfdtjr.exec:\jrfdtjr.exe48⤵
- Executes dropped EXE
-
\??\c:\rvlhl.exec:\rvlhl.exe49⤵
- Executes dropped EXE
-
\??\c:\lnvxp.exec:\lnvxp.exe50⤵
- Executes dropped EXE
-
\??\c:\lhrpbt.exec:\lhrpbt.exe51⤵
- Executes dropped EXE
-
\??\c:\jhnrfj.exec:\jhnrfj.exe52⤵
- Executes dropped EXE
-
\??\c:\vdjrb.exec:\vdjrb.exe53⤵
- Executes dropped EXE
-
\??\c:\pdplhpt.exec:\pdplhpt.exe54⤵
- Executes dropped EXE
-
\??\c:\bphnjh.exec:\bphnjh.exe55⤵
- Executes dropped EXE
-
\??\c:\dtbnnfr.exec:\dtbnnfr.exe56⤵
- Executes dropped EXE
-
\??\c:\dnbpb.exec:\dnbpb.exe57⤵
- Executes dropped EXE
-
\??\c:\hhrtlf.exec:\hhrtlf.exe58⤵
- Executes dropped EXE
-
\??\c:\xpjtfl.exec:\xpjtfl.exe59⤵
- Executes dropped EXE
-
\??\c:\ndvtv.exec:\ndvtv.exe60⤵
- Executes dropped EXE
-
\??\c:\vrxjtv.exec:\vrxjtv.exe61⤵
- Executes dropped EXE
-
\??\c:\dnxtf.exec:\dnxtf.exe62⤵
- Executes dropped EXE
-
\??\c:\vrhvh.exec:\vrhvh.exe63⤵
- Executes dropped EXE
-
\??\c:\jrftbt.exec:\jrftbt.exe64⤵
- Executes dropped EXE
-
\??\c:\hnjbht.exec:\hnjbht.exe65⤵
- Executes dropped EXE
-
\??\c:\ddnrtv.exec:\ddnrtv.exe66⤵
-
\??\c:\vpfjl.exec:\vpfjl.exe67⤵
-
\??\c:\xxpnp.exec:\xxpnp.exe68⤵
-
\??\c:\txlxxp.exec:\txlxxp.exe69⤵
-
\??\c:\tbfxrnj.exec:\tbfxrnj.exe70⤵
-
\??\c:\nljvv.exec:\nljvv.exe71⤵
-
\??\c:\pthxfh.exec:\pthxfh.exe72⤵
-
\??\c:\tlhtvl.exec:\tlhtvl.exe73⤵
-
\??\c:\hpphb.exec:\hpphb.exe74⤵
-
\??\c:\nftxlp.exec:\nftxlp.exe75⤵
-
\??\c:\vddnvx.exec:\vddnvx.exe76⤵
-
\??\c:\jhnbhfp.exec:\jhnbhfp.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hplrh.exec:\hplrh.exe78⤵
-
\??\c:\ffrlr.exec:\ffrlr.exe79⤵
-
\??\c:\rlvfl.exec:\rlvfl.exe80⤵
-
\??\c:\lhnflx.exec:\lhnflx.exe81⤵
-
\??\c:\xvdnnxt.exec:\xvdnnxt.exe82⤵
-
\??\c:\pnhfdj.exec:\pnhfdj.exe83⤵
-
\??\c:\xnbldhj.exec:\xnbldhj.exe84⤵
-
\??\c:\djhxnld.exec:\djhxnld.exe85⤵
-
\??\c:\btbpd.exec:\btbpd.exe86⤵
-
\??\c:\bdxjj.exec:\bdxjj.exe87⤵
-
\??\c:\nnnnf.exec:\nnnnf.exe88⤵
-
\??\c:\bbxbh.exec:\bbxbh.exe89⤵
-
\??\c:\hvjdphp.exec:\hvjdphp.exe90⤵
-
\??\c:\hbtnxhr.exec:\hbtnxhr.exe91⤵
-
\??\c:\bvdrtdp.exec:\bvdrtdp.exe92⤵
-
\??\c:\vbrtt.exec:\vbrtt.exe93⤵
-
\??\c:\nxdjxjf.exec:\nxdjxjf.exe94⤵
-
\??\c:\fhbvv.exec:\fhbvv.exe95⤵
-
\??\c:\dltnh.exec:\dltnh.exe96⤵
-
\??\c:\nlllp.exec:\nlllp.exe97⤵
-
\??\c:\tnxddd.exec:\tnxddd.exe98⤵
-
\??\c:\blbjjnb.exec:\blbjjnb.exe99⤵
-
\??\c:\hdvtr.exec:\hdvtr.exe100⤵
-
\??\c:\pthdn.exec:\pthdn.exe101⤵
-
\??\c:\xptnv.exec:\xptnv.exe102⤵
-
\??\c:\rhfnvn.exec:\rhfnvn.exe103⤵
-
\??\c:\nttjr.exec:\nttjr.exe104⤵
-
\??\c:\xjhlvfj.exec:\xjhlvfj.exe105⤵
-
\??\c:\lrxflj.exec:\lrxflj.exe106⤵
-
\??\c:\rhlftdd.exec:\rhlftdd.exe107⤵
-
\??\c:\xvxhndx.exec:\xvxhndx.exe108⤵
-
\??\c:\ptdfp.exec:\ptdfp.exe109⤵
-
\??\c:\prrbdrn.exec:\prrbdrn.exe110⤵
-
\??\c:\rpjrj.exec:\rpjrj.exe111⤵
-
\??\c:\lhnrj.exec:\lhnrj.exe112⤵
-
\??\c:\jvhpj.exec:\jvhpj.exe113⤵
-
\??\c:\fbxnjvf.exec:\fbxnjvf.exe114⤵
-
\??\c:\thvbbp.exec:\thvbbp.exe115⤵
-
\??\c:\hdptbjl.exec:\hdptbjl.exe116⤵
-
\??\c:\xlbrjh.exec:\xlbrjh.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vtjhpf.exec:\vtjhpf.exe118⤵
-
\??\c:\rxjrjx.exec:\rxjrjx.exe119⤵
-
\??\c:\vjvddtx.exec:\vjvddtx.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thfnt.exec:\thfnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-