blackmoon | 6f77f0bac2e98dd6cf26fd4a9244044d0fe417b998d4bb3fa3f5beeb9cb2783c

Sharing

Copy URL Twitter E-mail

General

Target

6f77f0bac2e98dd6cf26fd4a9244044d0fe417b998d4bb3fa3f5beeb9cb2783c
Size

2.1MB
MD5

9022f67d76cf6642457e43990de5ecce
SHA1

a330f35d237938af3974aaec070bc59f08d0782d
SHA256

6f77f0bac2e98dd6cf26fd4a9244044d0fe417b998d4bb3fa3f5beeb9cb2783c
SHA512

b7157aebe3a4d9a8ef144e00133126732dc51071a1e6fe0d2ec430159dc4cd0ef5fc2fe93c5ca40165c22d6f16b5e23e749eba5cbc3d6245b1bee5149847b109
SSDEEP

49152:aCGPIBOA7P3ZHh89rLkQkjqEiN2T9kF/:nGPnA7BHNQzmp

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

6f77f0bac2e98dd6cf26fd4a9244044d0fe417b998d4bb3fa3f5beeb9cb2783c
.exe windows x86

cf5ca113d1dc951dc04cf0098b2d4573

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
ReadFile
CloseHandle
GetCurrentDirectoryW
WriteFile
GetProcessHeap
HeapFree
LocalSize
HeapAlloc
CreateWaitableTimerA
SetWaitableTimer
CreateThread
InterlockedIncrement
InterlockedDecrement
HeapCreate
RtlZeroMemory
HeapDestroy
lstrcmpiW
lstrcmpW
lstrcmpiA
LocalAlloc
IsBadReadPtr
GetModuleHandleA
ExitProcess
HeapReAlloc
CreateDirectoryA
CreateFileW
GetModuleFileNameA
GetEnvironmentVariableA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetFilePointer
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetUserDefaultLCID
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
GetLocalTime
CopyFileW
CopyFileA
lstrcpyn
GetTimeFormatA
GetDateFormatA
WideCharToMultiByte
LocalFree
lstrlenW
IsBadCodePtr
MultiByteToWideChar
lstrlenA
LoadLibraryW
RtlMoveMemory
CreateFileA

user32

MsgWaitForMultipleObjects
CallWindowProcA
SetWindowPos
GetMenuItemID
GetSubMenu
CreatePopupMenu
SetMenuInfo
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetCursorPos
IsWindowVisible

advapi32

RegOpenKeyA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey

shlwapi

PathRemoveFileSpecW
PathIsDirectoryA
PathFileExistsA
StrToIntW
PathFindFileNameA
PathFindExtensionA
StrTrimW
PathFindFileNameW

oleaut32

VarR8FromCy
VariantTimeToSystemTime
SafeArrayDestroy
VarR8FromBool
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
VariantChangeType
LoadTypeLi
LHashValOfNameSys

shell32

ShellExecuteW
ord190
SHCreateDirectoryExW
ord155
SHOpenFolderAndSelectItems

ole32

OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize

wininet

InternetConnectA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetOpenA

crypt32

CryptBinaryToStringA

ws2_32

htons

msvcrt

modf
_atoi64
_CIfmod
floor
strncmp
strncpy
__CxxFrameHandler
malloc
free
sprintf
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
_ftol
atoi
strtod
realloc
memmove
strchr

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf5ca113d1dc951dc04cf0098b2d4573

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

oleaut32

shell32

ole32

wininet

crypt32

ws2_32

msvcrt

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1.5MB - Virtual size: 1.6MB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1.5MB - Virtual size: 1.6MB

.rsrc
Size: 23KB - Virtual size: 23KB