Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
28/03/2025, 20:50
General
-
Target
5569ae7a73087b1ec0038aa584899a9de7e6d8b886bade897e975a2b5d3f02d2.exe
-
Size
458KB
-
MD5
8c3536d2885392ac1eb909d9cc40d073
-
SHA1
2209cc5e589f8f0687dd1618afee5569ce236184
-
SHA256
5569ae7a73087b1ec0038aa584899a9de7e6d8b886bade897e975a2b5d3f02d2
-
SHA512
142d95d144714db6556519dc63d98f4045e4fa019773b9fb06c71cafb3a55450b42145c477f912ebe9cb6127fa15cec5c2e0b060582da53066168d1814c2a63f
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeA:q7Tc2NYHUrAwfMp3CDA
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5569ae7a73087b1ec0038aa584899a9de7e6d8b886bade897e975a2b5d3f02d2.exe"C:\Users\Admin\AppData\Local\Temp\5569ae7a73087b1ec0038aa584899a9de7e6d8b886bade897e975a2b5d3f02d2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7vppj.exec:\7vppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbtt.exec:\hhnbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxffr.exec:\llxxffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnhh.exec:\tnhnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrrlr.exec:\lfrrrlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnnn.exec:\1bnnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpv.exec:\vjvpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxrrr.exec:\lxlxrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbbb.exec:\ntbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjj.exec:\jvjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnntn.exec:\1bnntn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnthh.exec:\htnthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbh.exec:\ttthbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxxfl.exec:\xfrxxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbtbh.exec:\7hbtbh.exe17⤵
- Executes dropped EXE
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe18⤵
- Executes dropped EXE
-
\??\c:\7xflrfr.exec:\7xflrfr.exe19⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe20⤵
- Executes dropped EXE
-
\??\c:\lfflxfr.exec:\lfflxfr.exe21⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe22⤵
- Executes dropped EXE
-
\??\c:\3xrxxxf.exec:\3xrxxxf.exe23⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\1dddv.exec:\1dddv.exe25⤵
- Executes dropped EXE
-
\??\c:\3xxxxfr.exec:\3xxxxfr.exe26⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe27⤵
- Executes dropped EXE
-
\??\c:\1rffrrf.exec:\1rffrrf.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe29⤵
- Executes dropped EXE
-
\??\c:\9jdjv.exec:\9jdjv.exe30⤵
- Executes dropped EXE
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe32⤵
- Executes dropped EXE
-
\??\c:\1lxrrrx.exec:\1lxrrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe34⤵
- Executes dropped EXE
-
\??\c:\9jvvv.exec:\9jvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\5lfffxl.exec:\5lfffxl.exe36⤵
- Executes dropped EXE
-
\??\c:\btbbht.exec:\btbbht.exe37⤵
- Executes dropped EXE
-
\??\c:\7nhnhn.exec:\7nhnhn.exe38⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\5lffxxl.exec:\5lffxxl.exe40⤵
- Executes dropped EXE
-
\??\c:\thbtbb.exec:\thbtbb.exe41⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxrfrf.exec:\xlxrfrf.exe43⤵
- Executes dropped EXE
-
\??\c:\llflrxl.exec:\llflrxl.exe44⤵
- Executes dropped EXE
-
\??\c:\bnbbnt.exec:\bnbbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\lffffff.exec:\lffffff.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrrrxf.exec:\fxrrrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhtbb.exec:\tnhtbb.exe48⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\5rfflfl.exec:\5rfflfl.exe50⤵
- Executes dropped EXE
-
\??\c:\xlxxllr.exec:\xlxxllr.exe51⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe53⤵
- Executes dropped EXE
-
\??\c:\xflffff.exec:\xflffff.exe54⤵
- Executes dropped EXE
-
\??\c:\9rlrllr.exec:\9rlrllr.exe55⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe56⤵
- Executes dropped EXE
-
\??\c:\5vddv.exec:\5vddv.exe57⤵
- Executes dropped EXE
-
\??\c:\7lfxxff.exec:\7lfxxff.exe58⤵
- Executes dropped EXE
-
\??\c:\nbntbb.exec:\nbntbb.exe59⤵
- Executes dropped EXE
-
\??\c:\3bbnhh.exec:\3bbnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\3dppp.exec:\3dppp.exe61⤵
- Executes dropped EXE
-
\??\c:\frfflll.exec:\frfflll.exe62⤵
- Executes dropped EXE
-
\??\c:\hbnnnb.exec:\hbnnnb.exe63⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe64⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\9ffrrlx.exec:\9ffrrlx.exe66⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe67⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe68⤵
-
\??\c:\pdppd.exec:\pdppd.exe69⤵
-
\??\c:\7rxxllx.exec:\7rxxllx.exe70⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe71⤵
-
\??\c:\pjppp.exec:\pjppp.exe72⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe73⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe74⤵
-
\??\c:\3nttbb.exec:\3nttbb.exe75⤵
-
\??\c:\9hbbbb.exec:\9hbbbb.exe76⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe77⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe78⤵
-
\??\c:\7nnntb.exec:\7nnntb.exe79⤵
-
\??\c:\bbbbbt.exec:\bbbbbt.exe80⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe81⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fxxlfff.exec:\fxxlfff.exe82⤵
-
\??\c:\hbnbnb.exec:\hbnbnb.exe83⤵
-
\??\c:\bbhttb.exec:\bbhttb.exe84⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe85⤵
-
\??\c:\rllrrrl.exec:\rllrrrl.exe86⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe87⤵
-
\??\c:\7tntbh.exec:\7tntbh.exe88⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe89⤵
-
\??\c:\xrfxllr.exec:\xrfxllr.exe90⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe91⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe92⤵
-
\??\c:\3pppv.exec:\3pppv.exe93⤵
-
\??\c:\7rxrxlx.exec:\7rxrxlx.exe94⤵
-
\??\c:\frflflx.exec:\frflflx.exe95⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe96⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe97⤵
-
\??\c:\jvppd.exec:\jvppd.exe98⤵
-
\??\c:\lllrlrf.exec:\lllrlrf.exe99⤵
-
\??\c:\9tnthn.exec:\9tnthn.exe100⤵
-
\??\c:\7htbbb.exec:\7htbbb.exe101⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe102⤵
-
\??\c:\rfxfrrf.exec:\rfxfrrf.exe103⤵
-
\??\c:\rllxrxl.exec:\rllxrxl.exe104⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe105⤵
-
\??\c:\1dppd.exec:\1dppd.exe106⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe107⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe108⤵
-
\??\c:\5htbbb.exec:\5htbbb.exe109⤵
-
\??\c:\jdppv.exec:\jdppv.exe110⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe111⤵
-
\??\c:\lxlfrrx.exec:\lxlfrrx.exe112⤵
-
\??\c:\7fxfllx.exec:\7fxfllx.exe113⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe114⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe115⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe116⤵
-
\??\c:\7rflrxr.exec:\7rflrxr.exe117⤵
-
\??\c:\3ntbnn.exec:\3ntbnn.exe118⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe119⤵
-
\??\c:\9pppp.exec:\9pppp.exe120⤵
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-