blackmoon | 4c696d0934cee758f04aaa2b3577802361c6d3945baf31703e278bb1be3698cd

Sharing

Copy URL Twitter E-mail

General

Target

4c696d0934cee758f04aaa2b3577802361c6d3945baf31703e278bb1be3698cd
Size

212KB
MD5

dd0ae5a0ebc0f5b9c8f0409cee618de8
SHA1

559f79a4f1bf6c6ead78f28dabd965e3eb579723
SHA256

4c696d0934cee758f04aaa2b3577802361c6d3945baf31703e278bb1be3698cd
SHA512

e4199e9be67b3a7f0597ae910cdfc9cf02360762ae6ec222c828e73b5e1cca0713bb789990f00f46bd2456193f748dedc6e7a41d30a7b383972b0322c17ea45a
SSDEEP

6144:jO5F1S4GIMYLQy9dBWO0sFw0i7OCoPL7u+/:jO5F1S41MELT0sFw0i7OVP3z

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

4c696d0934cee758f04aaa2b3577802361c6d3945baf31703e278bb1be3698cd
.exe windows x86

7dc3d048b4d654c4e5fa36f4ac58b36e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege

kernel32

GetProcessHeap
Sleep
VirtualFree
GetProcAddress
GetModuleHandleA
VirtualAlloc
HeapAlloc
GetCurrentProcessId
MultiByteToWideChar
WriteProcessMemory
WideCharToMultiByte
RtlMoveMemory
OpenProcess
GetCurrentThreadId
CloseHandle
ReadProcessMemory
CreateThread
DeleteCriticalSection
GetStringTypeW
GetModuleHandleA
GetStringTypeA
GetStartupInfoA
LCMapStringW
LCMapStringA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
GetACP
GetCPInfo
HeapReAlloc
FreeEnvironmentStringsA
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
FreeEnvironmentStringsW
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
SetHandleCount
CloseHandle

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
DuplicateTokenEx
CreateProcessWithTokenW

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

user32

GetWindowThreadProcessId
GetClientRect
MoveWindow
SetWindowPos
GetAsyncKeyState
GetCursorPos
GetFocus
ClientToScreen
mouse_event
PostMessageA
SendMessageA
IsWindow
AttachThreadInput
SetFocus
MapVirtualKeyA
SendInput
FindWindowA
GetWindowRect

wmvert

wm_CnvToBin
wm_WriteMem
wm_pbin
wm_InBin
wm_ToInt
wm_MsgBox
wm_BOr
wm_Space
wm_BinLen
wm_SpaceBin
wm_Chr
wm_Mod
wm_UCase
wm_Mid
wm_Rnd
wm_Randomize
wm_GetRunFileName
wm_LCase
wm_SHL
wm_Len
wm_Left
wm_Int
wm_BinMid
wm_Cos
wm_CreateWindowFromTemplate
wm_NotifySys
wm_Sleep
wm_InStr
wm_BAnd
wm_GetTickCount
wm_DoEvents
wm_Sin
wm_Sqr
wm_Pow
wm_GetBinData
wm_Tan
wm_Str

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dc3d048b4d654c4e5fa36f4ac58b36e

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

wtsapi32

user32

wmvert

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 92KB - Virtual size: 93KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 92KB - Virtual size: 93KB

.rsrc
Size: 8KB - Virtual size: 4KB