blackmoon | 9538e73f5eacf7dfb5fd8705bae0d5b69eb2bc1b249c93508b05e9cd857a9842

Sharing

Copy URL Twitter E-mail

General

Target

9538e73f5eacf7dfb5fd8705bae0d5b69eb2bc1b249c93508b05e9cd857a9842
Size

780KB
MD5

6611987719658af052648d43459789cf
SHA1

2d63277972153d07bf280a377f53d262cc2ffbe7
SHA256

9538e73f5eacf7dfb5fd8705bae0d5b69eb2bc1b249c93508b05e9cd857a9842
SHA512

bb904c12abf6124ca9ab5f7820f468ccd72948ba327ad28df501a0437e6dccaf7e9572c4932c66a6efeba6c772b6c5081b5cbbed61b3bfd2f6f13982c8edef69
SSDEEP

12288:rIcB7bnkCQ+PwneXSp0j0xigCBpH/JJhivwQqg:rIcBHnkCQ+Put0OIpfJJhivwQ5

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

9538e73f5eacf7dfb5fd8705bae0d5b69eb2bc1b249c93508b05e9cd857a9842
.dll windows x86

1200923578330a55fee57face7aa0dff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetCommandLineA
FindClose
FindFirstFileA
FindNextFileA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
lstrlenA
ReadProcessMemory
GetCurrentProcess
LocalFree
RtlFillMemory
LocalAlloc
RtlMoveMemory
lstrcpyn
LocalSize
GetModuleHandleA
GetCurrentThreadId
DeleteFileA
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
TerminateProcess
OpenProcess
CloseHandle
GetLastError
CreateMutexA
GetTickCount
WaitForSingleObject
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetVersion
DeviceIoControl
CreateFileA
GetTimeZoneInformation
GetSystemDefaultLangID
GetLocaleInfoA
SetFilePointer
ReadFile
WriteFile
GlobalFree
GlobalUnlock
GlobalSize
GlobalLock
lstrcpyA
SizeofResource
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GlobalAlloc
MultiByteToWideChar
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
GetFileSize
GetVolumeInformationA
GetDriveTypeA
InterlockedExchange
Module32Next
VerLanguageNameA
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcpynA
GetFullPathNameA
GetFileTime
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
WinExec
lstrcatA
WriteProfileStringA
SetLastError
GetProfileStringA
CreateDirectoryA
GetSystemDirectoryA
EnumResourceNamesA
CopyFileA
GetWindowsDirectoryA
GetTempPathA
GlobalMemoryStatus

user32

SendMessageA
AttachThreadInput
GetWindowThreadProcessId
PostMessageA
GetWindowTextA
FindWindowExA
GetMessageA
SetParent
GetWindowRect
TranslateMessage
DispatchMessageA
SetFocus
SetWindowTextA
GetForegroundWindow
GetAsyncKeyState
SetTimer
GetFocus
IsDialogMessageA
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
DestroyMenu
CharUpperA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
WindowFromPoint
GetWindow
PtInRect
EnumWindows
IsRectEmpty
GetDlgItem
SystemParametersInfoA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SendMessageTimeoutA
FindWindowA
SetCursorPos
mouse_event
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClassNameA
GetDesktopWindow
ReleaseCapture
SetCapture
GetSystemMetrics
LoadImageA
VkKeyScanExA
GetKeyboardLayout
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
LoadStringA
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
GetKeyboardState
PeekMessageA
GetCursorPos
wsprintfA
MessageBoxA
SetWindowPos
SetWindowRgn
DestroyWindow
EqualRect
IntersectRect
SetWindowLongA
GetWindowLongA
PostQuitMessage
CreateWindowExA
GetWindowTextLengthA
EnableWindow
UpdateWindow
ShowWindow
IsWindowVisible
CallWindowProcA
ReleaseDC
FillRect
GetSysColor
GetDC
IsWindow
KillTimer
GetClassInfoExA
RegisterClassExA
LoadIconA
LoadCursorA
MoveWindow
BeginPaint
EndPaint
InvalidateRect
DefWindowProcA
TrackMouseEvent
GetParent

gdi32

RestoreDC
RealizePalette
SetViewportOrgEx
OffsetViewportOrgEx
SaveDC
CreateBitmap
SelectPalette
GetDIBits
CreateDCA
CreateCompatibleBitmap
GetDeviceCaps
RemoveFontResourceA
AddFontResourceA
EnumFontFamiliesExA
Escape
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateSolidBrush
StretchBlt
CreatePatternBrush
DeleteObject
SetBkColor
TextOutA
SetTextColor
CreateDIBitmap
CreateRectRgn
GetPixel
CombineRgn
CreateFontA
GetStockObject
SetMapMode
ExtTextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx

msimg32

TransparentBlt

iphlpapi

GetAdaptersInfo
SendARP

shlwapi

PathAppendA
SHDeleteValueA
SHDeleteKeyA
PathFileExistsA

mpr

WNetCancelConnection2A
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA
WNetAddConnection2A

winmm

waveOutGetNumDevs
mciSendStringA
waveOutGetDevCapsA

ws2_32

inet_addr
select
send
WSASetLastError
setsockopt
sendto
socket
htons
connect
closesocket
WSACleanup
gethostbyaddr
WSAStartup
gethostbyname
gethostname
inet_ntoa
recv

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

comdlg32

GetFileTitleA
PrintDlgA

winspool.drv

GetPrinterA
ClosePrinter
SetPrinterA
OpenPrinterA
EnumPrintersA
DocumentPropertiesA

advapi32

GetLengthSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegOpenKeyExA
CopySid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AddAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegGetKeySecurity
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey

shell32

SHChangeNotify
ShellExecuteA
SHEmptyRecycleBinA
SHGetSpecialFolderPathA

comctl32

ord17

ole32

CoCreateInstance
CoCreateGuid

wininet

FindFirstUrlCacheEntryA
InternetOpenA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
InternetOpenUrlA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
FtpDeleteFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetFindNextFileA
FtpFindFirstFileA
InternetReadFile
HttpQueryInfoA
InternetGetConnectedState

rasapi32

RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA
RasGetConnectStatusA
RasHangUpA
RasDialA

Exports

Exports

?LogInit@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?LogRealMsg@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_NPAPAEPAI@Z
?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1200923578330a55fee57face7aa0dff

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

iphlpapi

shlwapi

mpr

winmm

ws2_32

version

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

wininet

rasapi32

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 445KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 228KB - Virtual size: 231KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 448KB - Virtual size: 445KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 228KB - Virtual size: 231KB

.reloc
Size: 32KB - Virtual size: 31KB