Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
18-02-2025 04:12
General
-
Target
aef6850c84c6966bd6155700e546df0f346e368dde5017ae6fcb3e570c03a39b.exe
-
Size
73KB
-
MD5
ea1dd3c97a3acb03c2005a759f429939
-
SHA1
58ed73be3ebe41382fbf29c1971c283b2e73d715
-
SHA256
aef6850c84c6966bd6155700e546df0f346e368dde5017ae6fcb3e570c03a39b
-
SHA512
6b54d0e4ea7e29596084929b0229055da99dc93684d83c15093fce36563f3ab2bfba7a6bea7424496a6853840248f489528a1b13ea688821f6812bd22b1f6a91
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdLH+O:ymb3NkkiQ3mdBjF0yMliCO
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 41 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aef6850c84c6966bd6155700e546df0f346e368dde5017ae6fcb3e570c03a39b.exe"C:\Users\Admin\AppData\Local\Temp\aef6850c84c6966bd6155700e546df0f346e368dde5017ae6fcb3e570c03a39b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrllf.exec:\ffxrllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnh.exec:\ntttnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjp.exec:\vppjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdj.exec:\djjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxrl.exec:\fxffxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bttnh.exec:\5bttnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlfxxr.exec:\1xlfxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhhb.exec:\hnnhhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrlxxr.exec:\1rrlxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtntt.exec:\nbtntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdd.exec:\vdpdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjv.exec:\dpjjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlxrl.exec:\rrrlxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbthb.exec:\7hbthb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhhh.exec:\thnhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrllx.exec:\lxxrllx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhbb.exec:\9tnhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxllf.exec:\lllxllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlffr.exec:\lxrlffr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjj.exec:\pjvjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppj.exec:\djppj.exe23⤵
- Executes dropped EXE
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\tthbtn.exec:\tthbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\1vjdj.exec:\1vjdj.exe26⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\7vpdp.exec:\7vpdp.exe29⤵
- Executes dropped EXE
-
\??\c:\xlrfxrl.exec:\xlrfxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\xllfffx.exec:\xllfffx.exe31⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\9hnbtn.exec:\9hnbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe34⤵
- Executes dropped EXE
-
\??\c:\xfxlffx.exec:\xfxlffx.exe35⤵
- Executes dropped EXE
-
\??\c:\rxlllrr.exec:\rxlllrr.exe36⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe37⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe38⤵
- Executes dropped EXE
-
\??\c:\dpjpj.exec:\dpjpj.exe39⤵
- Executes dropped EXE
-
\??\c:\xrfrffr.exec:\xrfrffr.exe40⤵
- Executes dropped EXE
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe41⤵
- Executes dropped EXE
-
\??\c:\hhntnh.exec:\hhntnh.exe42⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe43⤵
- Executes dropped EXE
-
\??\c:\5dvvj.exec:\5dvvj.exe44⤵
- Executes dropped EXE
-
\??\c:\lffxrll.exec:\lffxrll.exe45⤵
- Executes dropped EXE
-
\??\c:\rlrllrl.exec:\rlrllrl.exe46⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe47⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe48⤵
- Executes dropped EXE
-
\??\c:\7ddvv.exec:\7ddvv.exe49⤵
- Executes dropped EXE
-
\??\c:\5flxffr.exec:\5flxffr.exe50⤵
- Executes dropped EXE
-
\??\c:\lxrlxlx.exec:\lxrlxlx.exe51⤵
- Executes dropped EXE
-
\??\c:\3tnhtn.exec:\3tnhtn.exe52⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe53⤵
- Executes dropped EXE
-
\??\c:\djpvj.exec:\djpvj.exe54⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\7fxrfxr.exec:\7fxrfxr.exe56⤵
- Executes dropped EXE
-
\??\c:\tbtnht.exec:\tbtnht.exe57⤵
- Executes dropped EXE
-
\??\c:\tbhhbt.exec:\tbhhbt.exe58⤵
- Executes dropped EXE
-
\??\c:\5jdvj.exec:\5jdvj.exe59⤵
- Executes dropped EXE
-
\??\c:\vpvjj.exec:\vpvjj.exe60⤵
- Executes dropped EXE
-
\??\c:\rrxrxxx.exec:\rrxrxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\9rrrlfx.exec:\9rrrlfx.exe62⤵
- Executes dropped EXE
-
\??\c:\bbnhbb.exec:\bbnhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe64⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe65⤵
- Executes dropped EXE
-
\??\c:\rffrxxx.exec:\rffrxxx.exe66⤵
-
\??\c:\httttt.exec:\httttt.exe67⤵
-
\??\c:\btnbtt.exec:\btnbtt.exe68⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe69⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe70⤵
-
\??\c:\xlrrrxr.exec:\xlrrrxr.exe71⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe72⤵
-
\??\c:\htbhbn.exec:\htbhbn.exe73⤵
-
\??\c:\thhbnt.exec:\thhbnt.exe74⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe75⤵
-
\??\c:\5ffrllf.exec:\5ffrllf.exe76⤵
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe77⤵
-
\??\c:\tnnntn.exec:\tnnntn.exe78⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe79⤵
-
\??\c:\frxxrxl.exec:\frxxrxl.exe80⤵
-
\??\c:\xlfrrrr.exec:\xlfrrrr.exe81⤵
-
\??\c:\nntbbt.exec:\nntbbt.exe82⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe83⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe84⤵
-
\??\c:\frllxfx.exec:\frllxfx.exe85⤵
-
\??\c:\frllxlx.exec:\frllxlx.exe86⤵
-
\??\c:\3hhbtn.exec:\3hhbtn.exe87⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe88⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe89⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe90⤵
-
\??\c:\3ntnbt.exec:\3ntnbt.exe91⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe92⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe93⤵
-
\??\c:\pjppj.exec:\pjppj.exe94⤵
-
\??\c:\fffrfxl.exec:\fffrfxl.exe95⤵
-
\??\c:\5lxrllf.exec:\5lxrllf.exe96⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe97⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe98⤵
-
\??\c:\dddvv.exec:\dddvv.exe99⤵
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe100⤵
-
\??\c:\fxxxrlx.exec:\fxxxrlx.exe101⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe102⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe103⤵
-
\??\c:\pppjd.exec:\pppjd.exe104⤵
-
\??\c:\5xfrxrl.exec:\5xfrxrl.exe105⤵
-
\??\c:\rlxrlrl.exec:\rlxrlrl.exe106⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe107⤵
-
\??\c:\tbbnbt.exec:\tbbnbt.exe108⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe109⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe110⤵
-
\??\c:\7xlfxxx.exec:\7xlfxxx.exe111⤵
-
\??\c:\lllfxxl.exec:\lllfxxl.exe112⤵
-
\??\c:\nbnbht.exec:\nbnbht.exe113⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe114⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe115⤵
-
\??\c:\xfxxxlx.exec:\xfxxxlx.exe116⤵
-
\??\c:\1xrlxrl.exec:\1xrlxrl.exe117⤵
-
\??\c:\9bbbth.exec:\9bbbth.exe118⤵
-
\??\c:\bnhtbt.exec:\bnhtbt.exe119⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe120⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-