blackmoon | XiaoBa[.]zip

Resubmissions

23/09/2022, 21:21

220923-z7a1hsbdam 10

23/09/2022, 21:14

220923-z3fp7sbchn 10

Sharing

Copy URL Twitter E-mail

General

Target

XiaoBa.zip
Size

3.8MB
MD5

d3f87e222b8c031978993167ced8c28e
SHA1

1bfa55107f54699e6417a686a43518974f6e6272
SHA256

b2759f034ca9baa743a9bcab422319c795cade5451a6446c2ad28fcc743bcbf5
SHA512

38f0022d87c82f56422a97b9bdec6da78d3f4c1d075c6f1161ca55c5e3991d9df9dd8ea63db18c0a5030036c3e5644fe28acb6cf13bfbbe76dab5d0e61890329
SSDEEP

98304:PhU+/J8DrwqX+MuvGMjkBXJzT/RARtsZGx7Tm:pF/J8/TfUyB1j+8um

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/XiaoBa.exe	family_blackmoon

Files

XiaoBa.zip
.zip
XiaoBa.exe
.exe windows x86

41feded63720680fe391f9f58f0d2453

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
CreateThread
CreateWaitableTimerA
SetWaitableTimer
GetWindowsDirectoryA
GetTempPathA
lstrcpyn
GlobalSize
RtlMoveMemory
GlobalFree
MultiByteToWideChar
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
SetFileAttributesA
GetTickCount
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
WaitForSingleObject
CreateProcessA
GetStartupInfoA
FindNextFileA
FindFirstFileA
FindClose
MoveFileA
GetCommandLineA
FreeLibrary
OpenProcess
LoadLibraryA
LCMapStringA
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
HeapSize
RaiseException
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
Sleep
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
CreateEventA
OpenEventA
GetProcAddress
GetSystemDirectoryA
GetLastError
WideCharToMultiByte
HeapSetInformation
GetStartupInfoW
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleW
DecodePointer
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
SystemParametersInfoA
SetWindowPos
SetForegroundWindow
ShowWindow
GetClassNameA
GetWindowTextA
GetWindowThreadProcessId
IsWindowVisible

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

gdiplus

GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdipDisposeImage
GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipSaveImageToStream

winmm

mciSendStringA

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.9MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

41feded63720680fe391f9f58f0d2453

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

gdiplus

winmm

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 3.9MB - Virtual size: 4.0MB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 3.9MB - Virtual size: 4.0MB

.reloc
Size: 17KB - Virtual size: 17KB