Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
18-02-2025 04:27
General
-
Target
aef6850c84c6966bd6155700e546df0f346e368dde5017ae6fcb3e570c03a39b.exe
-
Size
73KB
-
MD5
ea1dd3c97a3acb03c2005a759f429939
-
SHA1
58ed73be3ebe41382fbf29c1971c283b2e73d715
-
SHA256
aef6850c84c6966bd6155700e546df0f346e368dde5017ae6fcb3e570c03a39b
-
SHA512
6b54d0e4ea7e29596084929b0229055da99dc93684d83c15093fce36563f3ab2bfba7a6bea7424496a6853840248f489528a1b13ea688821f6812bd22b1f6a91
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdLH+O:ymb3NkkiQ3mdBjF0yMliCO
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aef6850c84c6966bd6155700e546df0f346e368dde5017ae6fcb3e570c03a39b.exe"C:\Users\Admin\AppData\Local\Temp\aef6850c84c6966bd6155700e546df0f346e368dde5017ae6fcb3e570c03a39b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlffx.exec:\xxrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfrrf.exec:\flxfrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflfxr.exec:\rrflfxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhntt.exec:\thhntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbbbb.exec:\9bbbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjp.exec:\vjpjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxfxf.exec:\lxxxfxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxllxx.exec:\rrxllxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtttb.exec:\hhtttb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrffx.exec:\xxrrffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxfff.exec:\xxxxfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnttn.exec:\tnnttn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxrllf.exec:\9fxrllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhb.exec:\httnhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbbtt.exec:\9bbbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlfrf.exec:\fxxlfrf.exe23⤵
- Executes dropped EXE
-
\??\c:\bnnntn.exec:\bnnntn.exe24⤵
- Executes dropped EXE
-
\??\c:\bbnnhh.exec:\bbnnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\3pppd.exec:\3pppd.exe27⤵
- Executes dropped EXE
-
\??\c:\xllfrrr.exec:\xllfrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\xflxrrl.exec:\xflxrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\9bbnhb.exec:\9bbnhb.exe30⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe31⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe32⤵
- Executes dropped EXE
-
\??\c:\rxlfxfx.exec:\rxlfxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\hnbbbb.exec:\hnbbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\7ntttt.exec:\7ntttt.exe35⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe36⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe37⤵
- Executes dropped EXE
-
\??\c:\7xrlfxx.exec:\7xrlfxx.exe38⤵
- Executes dropped EXE
-
\??\c:\nbbtbb.exec:\nbbtbb.exe39⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\thbbbb.exec:\thbbbb.exe41⤵
- Executes dropped EXE
-
\??\c:\5vvpp.exec:\5vvpp.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\3flfffl.exec:\3flfffl.exe44⤵
- Executes dropped EXE
-
\??\c:\rxrxxxf.exec:\rxrxxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\bbttnt.exec:\bbttnt.exe46⤵
- Executes dropped EXE
-
\??\c:\bbnhbb.exec:\bbnhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe48⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\1xffxxr.exec:\1xffxxr.exe50⤵
- Executes dropped EXE
-
\??\c:\rlrflrl.exec:\rlrflrl.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bbhnbt.exec:\bbhnbt.exe52⤵
- Executes dropped EXE
-
\??\c:\hnnnnt.exec:\hnnnnt.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe54⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe55⤵
- Executes dropped EXE
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe56⤵
- Executes dropped EXE
-
\??\c:\frxrxff.exec:\frxrxff.exe57⤵
- Executes dropped EXE
-
\??\c:\btthbb.exec:\btthbb.exe58⤵
- Executes dropped EXE
-
\??\c:\bhtnbt.exec:\bhtnbt.exe59⤵
- Executes dropped EXE
-
\??\c:\7dvvv.exec:\7dvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrrlll.exec:\rlrrlll.exe61⤵
- Executes dropped EXE
-
\??\c:\llxxxxf.exec:\llxxxxf.exe62⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\tbbbhh.exec:\tbbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\1pvdv.exec:\1pvdv.exe66⤵
-
\??\c:\lfrxrxx.exec:\lfrxrxx.exe67⤵
-
\??\c:\xxlffff.exec:\xxlffff.exe68⤵
-
\??\c:\bhbnhh.exec:\bhbnhh.exe69⤵
-
\??\c:\ttnnht.exec:\ttnnht.exe70⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe71⤵
-
\??\c:\rxrlrlr.exec:\rxrlrlr.exe72⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe73⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe74⤵
-
\??\c:\lflrfff.exec:\lflrfff.exe75⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe76⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe77⤵
-
\??\c:\bttttb.exec:\bttttb.exe78⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe79⤵
-
\??\c:\9rxrlll.exec:\9rxrlll.exe80⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe81⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe82⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe83⤵
-
\??\c:\xxrrlxx.exec:\xxrrlxx.exe84⤵
-
\??\c:\ntnnbh.exec:\ntnnbh.exe85⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe86⤵
-
\??\c:\jjddv.exec:\jjddv.exe87⤵
-
\??\c:\xxlrffx.exec:\xxlrffx.exe88⤵
-
\??\c:\7ntnbh.exec:\7ntnbh.exe89⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe90⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe91⤵
-
\??\c:\bhhhbt.exec:\bhhhbt.exe92⤵
-
\??\c:\tbtntn.exec:\tbtntn.exe93⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe94⤵
-
\??\c:\5dddd.exec:\5dddd.exe95⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe96⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe97⤵
-
\??\c:\pdddd.exec:\pdddd.exe98⤵
-
\??\c:\fffxrxx.exec:\fffxrxx.exe99⤵
-
\??\c:\nntnnt.exec:\nntnnt.exe100⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe101⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe102⤵
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe103⤵
-
\??\c:\5lllflf.exec:\5lllflf.exe104⤵
-
\??\c:\bthhht.exec:\bthhht.exe105⤵
-
\??\c:\hnnttb.exec:\hnnttb.exe106⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe107⤵
-
\??\c:\jpppj.exec:\jpppj.exe108⤵
-
\??\c:\7xxxxxr.exec:\7xxxxxr.exe109⤵
-
\??\c:\lrxfxff.exec:\lrxfxff.exe110⤵
-
\??\c:\tbbnnn.exec:\tbbnnn.exe111⤵
-
\??\c:\nbntnt.exec:\nbntnt.exe112⤵
-
\??\c:\dvppj.exec:\dvppj.exe113⤵
-
\??\c:\5djdv.exec:\5djdv.exe114⤵
-
\??\c:\lxxrrrx.exec:\lxxrrrx.exe115⤵
-
\??\c:\bhtbtn.exec:\bhtbtn.exe116⤵
-
\??\c:\9nbbbb.exec:\9nbbbb.exe117⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe118⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe119⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe120⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-