blackmoon | c73609b8501225b5f8b4a6058f9b6e8e700f0414d733bba82801e6feee5efeb8

Sharing

Copy URL

Twitter E-mail

General

Target

c73609b8501225b5f8b4a6058f9b6e8e700f0414d733bba82801e6feee5efeb8
Size

212KB
MD5

35afc127489dd76da62b8e9b7015437c
SHA1

e69a8dca57b07cdef9100d2ddaa499ed01a15fd1
SHA256

c73609b8501225b5f8b4a6058f9b6e8e700f0414d733bba82801e6feee5efeb8
SHA512

bca7514d7375a199d47213b37a4625e03274a195fe86ddc4f2ae834155187bc958b1c21d0d45c5d5e6689eee65e137e81925d0f53285900195239215f875d424
SSDEEP

6144:Ky1t1W4GIMQ+XG9dBWO0sFw0i7OCoPL7u+/:Ky1t1W41MMLT0sFw0i7OVP3z

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

c73609b8501225b5f8b4a6058f9b6e8e700f0414d733bba82801e6feee5efeb8
.exe windows x86

7dc3d048b4d654c4e5fa36f4ac58b36e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege

kernel32

GetProcessHeap
Sleep
VirtualFree
GetProcAddress
GetModuleHandleA
VirtualAlloc
HeapAlloc
GetCurrentProcessId
MultiByteToWideChar
WriteProcessMemory
WideCharToMultiByte
RtlMoveMemory
OpenProcess
GetCurrentThreadId
CloseHandle
ReadProcessMemory
CreateThread
DeleteCriticalSection
GetStringTypeW
GetModuleHandleA
GetStringTypeA
GetStartupInfoA
LCMapStringW
LCMapStringA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
GetACP
GetCPInfo
HeapReAlloc
FreeEnvironmentStringsA
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
FreeEnvironmentStringsW
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
SetHandleCount
CloseHandle

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
DuplicateTokenEx
CreateProcessWithTokenW

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

user32

GetWindowThreadProcessId
GetClientRect
MoveWindow
SetWindowPos
GetAsyncKeyState
GetCursorPos
GetFocus
ClientToScreen
mouse_event
PostMessageA
SendMessageA
IsWindow
AttachThreadInput
SetFocus
MapVirtualKeyA
SendInput
FindWindowA
GetWindowRect

wmvert

wm_CnvToBin
wm_WriteMem
wm_pbin
wm_InBin
wm_ToInt
wm_MsgBox
wm_BOr
wm_Space
wm_BinLen
wm_SpaceBin
wm_Chr
wm_Mod
wm_UCase
wm_Mid
wm_Rnd
wm_Randomize
wm_GetRunFileName
wm_LCase
wm_SHL
wm_Len
wm_Left
wm_Int
wm_BinMid
wm_Cos
wm_CreateWindowFromTemplate
wm_NotifySys
wm_Sleep
wm_InStr
wm_BAnd
wm_GetTickCount
wm_DoEvents
wm_Sin
wm_Sqr
wm_Pow
wm_GetBinData
wm_Tan
wm_Str

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dc3d048b4d654c4e5fa36f4ac58b36e

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

wtsapi32

user32

wmvert

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 92KB - Virtual size: 93KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 92KB - Virtual size: 93KB

.rsrc
Size: 8KB - Virtual size: 4KB