Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
18-02-2025 08:28
General
-
Target
ffd15ef8cf01ab7ba5b87476727acfc8b23da2e30cb4d4e0aceae387f69b8308.exe
-
Size
52KB
-
MD5
7c714b0617dad817c42df4d2241f4ee8
-
SHA1
3c82ee424a84c05339e8cd205b341c44aa376117
-
SHA256
ffd15ef8cf01ab7ba5b87476727acfc8b23da2e30cb4d4e0aceae387f69b8308
-
SHA512
cf4278e4168267a9d84ed128000c7dcc54d64017ebe47b1b3b5241f0ba547965139226fa4e790c7422de3967c1550e5de44d71c026ed6fff0ba7954d1c3fa137
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0ysbe:ymb3NkkiQ3mdBjF0yee
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ffd15ef8cf01ab7ba5b87476727acfc8b23da2e30cb4d4e0aceae387f69b8308.exe"C:\Users\Admin\AppData\Local\Temp\ffd15ef8cf01ab7ba5b87476727acfc8b23da2e30cb4d4e0aceae387f69b8308.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7btttb.exec:\7btttb.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrffx.exec:\frrrffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnht.exec:\hhnnht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtnb.exec:\nhhtnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjj.exec:\jppjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lllxxr.exec:\3lllxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfflf.exec:\fllfflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnthn.exec:\htnthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhtb.exec:\bhnhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpd.exec:\9jvpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxrr.exec:\rlfxxrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbttb.exec:\1bbttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdp.exec:\vdvdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlffx.exec:\xxrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btttt.exec:\3btttt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbbb.exec:\nhtbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\9xfxlfx.exec:\9xfxlfx.exe25⤵
- Executes dropped EXE
-
\??\c:\xfrrrrx.exec:\xfrrrrx.exe26⤵
- Executes dropped EXE
-
\??\c:\hnnnbh.exec:\hnnnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe28⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\xxrlfff.exec:\xxrlfff.exe31⤵
- Executes dropped EXE
-
\??\c:\nbttht.exec:\nbttht.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnhtt.exec:\tnnhtt.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jdvpj.exec:\jdvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe35⤵
- Executes dropped EXE
-
\??\c:\rflffrl.exec:\rflffrl.exe36⤵
- Executes dropped EXE
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhbnn.exec:\bbhbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\vpvjp.exec:\vpvjp.exe40⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\flfxrrl.exec:\flfxrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\xffffff.exec:\xffffff.exe43⤵
- Executes dropped EXE
-
\??\c:\ntnhtn.exec:\ntnhtn.exe44⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe45⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe46⤵
- Executes dropped EXE
-
\??\c:\xxrfrlx.exec:\xxrfrlx.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnhtn.exec:\tnnhtn.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\1flfffl.exec:\1flfffl.exe51⤵
- Executes dropped EXE
-
\??\c:\5ttnhh.exec:\5ttnhh.exe52⤵
- Executes dropped EXE
-
\??\c:\nhnthh.exec:\nhnthh.exe53⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe54⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe55⤵
- Executes dropped EXE
-
\??\c:\3ffxrxr.exec:\3ffxrxr.exe56⤵
- Executes dropped EXE
-
\??\c:\xrlfffl.exec:\xrlfffl.exe57⤵
- Executes dropped EXE
-
\??\c:\htnbnh.exec:\htnbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe59⤵
- Executes dropped EXE
-
\??\c:\ffrlrxf.exec:\ffrlrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxfxfx.exec:\lfxfxfx.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bnbnhb.exec:\bnbnhb.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe63⤵
- Executes dropped EXE
-
\??\c:\9ddjd.exec:\9ddjd.exe64⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\rllxrlf.exec:\rllxrlf.exe66⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe67⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bnthhb.exec:\bnthhb.exe69⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe70⤵
-
\??\c:\flllxxr.exec:\flllxxr.exe71⤵
-
\??\c:\xrxrfrr.exec:\xrxrfrr.exe72⤵
-
\??\c:\tntttb.exec:\tntttb.exe73⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe74⤵
-
\??\c:\pddvv.exec:\pddvv.exe75⤵
-
\??\c:\9rxrrrx.exec:\9rxrrrx.exe76⤵
-
\??\c:\9rrrrrf.exec:\9rrrrrf.exe77⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe78⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe79⤵
-
\??\c:\jpppd.exec:\jpppd.exe80⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe81⤵
-
\??\c:\3nthbt.exec:\3nthbt.exe82⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe83⤵
-
\??\c:\frrrrrl.exec:\frrrrrl.exe84⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe85⤵
-
\??\c:\vddpv.exec:\vddpv.exe86⤵
-
\??\c:\rlfxlll.exec:\rlfxlll.exe87⤵
-
\??\c:\lflxrrl.exec:\lflxrrl.exe88⤵
-
\??\c:\7httbb.exec:\7httbb.exe89⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe90⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe91⤵
-
\??\c:\rlflflf.exec:\rlflflf.exe92⤵
-
\??\c:\hhnnnh.exec:\hhnnnh.exe93⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe94⤵
-
\??\c:\3hbtnn.exec:\3hbtnn.exe95⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe96⤵
-
\??\c:\dddvj.exec:\dddvj.exe97⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe98⤵
-
\??\c:\1fxlffx.exec:\1fxlffx.exe99⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe100⤵
-
\??\c:\1djvp.exec:\1djvp.exe101⤵
-
\??\c:\7pppj.exec:\7pppj.exe102⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe103⤵
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe104⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe105⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe106⤵
-
\??\c:\7vjdv.exec:\7vjdv.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe108⤵
-
\??\c:\lflllff.exec:\lflllff.exe109⤵
-
\??\c:\9ntbhb.exec:\9ntbhb.exe110⤵
-
\??\c:\nthbhh.exec:\nthbhh.exe111⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe112⤵
-
\??\c:\ffxfxxf.exec:\ffxfxxf.exe113⤵
-
\??\c:\9llllll.exec:\9llllll.exe114⤵
-
\??\c:\nthhtt.exec:\nthhtt.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvdjj.exec:\vvdjj.exe116⤵
-
\??\c:\fflffxx.exec:\fflffxx.exe117⤵
-
\??\c:\nttnth.exec:\nttnth.exe118⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe119⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe120⤵
-
\??\c:\xlllllf.exec:\xlllllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-