blackmoon | bc6dac70621e2fdfaaa2527857e9bd8243bfcd74d2d4a5f93dce6a11095bae72

Sharing

Copy URL Twitter E-mail

General

Target

bc6dac70621e2fdfaaa2527857e9bd8243bfcd74d2d4a5f93dce6a11095bae72
Size

412KB
MD5

1d0575488c833e1b8d1c5deef2033368
SHA1

f9b1fcb26728bc0c06ee77c8d5b759d758240418
SHA256

bc6dac70621e2fdfaaa2527857e9bd8243bfcd74d2d4a5f93dce6a11095bae72
SHA512

848b2ace8b1acedb5e87418d28d4232f4853fe6b59ee1a7da7f02bb0f9374bcfebaa592f4bd73bf90510a098528026d49cc42f4bb14c391f74b6b3429b186ee0
SSDEEP

6144:0HMa0/9agi9GQqhAj1H2dX7FSczZoAIiDhKPJU12W1l:qMa0/UGM0JfZT8A

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

bc6dac70621e2fdfaaa2527857e9bd8243bfcd74d2d4a5f93dce6a11095bae72
.dll windows x86

a3d187d9c92e46d03012b55f576dccd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
GetLocalTime
GetModuleFileNameA
GetPrivateProfileStringA
LCMapStringA
GetVersionExA
GetCommandLineA
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
SetWaitableTimer
CreateWaitableTimerA
CreateProcessA
TerminateProcess
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
lstrcpyn
RtlMoveMemory
LocalSize
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
ReadProcessMemory
VirtualQueryEx
OpenProcess
CloseHandle
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
Module32Next
GetACP
GlobalAlloc
HeapSize
SetStdHandle
GetFileType
LCMapStringW
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
GetCurrentThreadId
lstrcmpA
GetFileTime
GetFileSize
GetFileAttributesA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
FileTimeToLocalFileTime
GlobalLock
GlobalUnlock
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
FreeLibrary
lstrcpyA
EnterCriticalSection
lstrcpynA
GetLastError
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
SetLastError
GetTimeZoneInformation
GetTickCount
Sleep
FileTimeToSystemTime
Module32First
CreateToolhelp32Snapshot
VirtualProtect
GetSystemTime
GetCurrentProcessId

user32

PostQuitMessage
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
LoadIconA
MapWindowPoints
GetSysColor
GetFocus
SetFocus
AdjustWindowRectEx
GetClientRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
DefWindowProcA
GetMessagePos
GetSysColorBrush
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
CopyRect
SendMessageA
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetSystemMetrics
CharUpperA
GetWindowTextA
EnableWindow
PostMessageA
IsWindow
SetWindowTextA
InvalidateRect
GetMessageTime
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
LoadCursorA
PtInRect
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetForegroundWindow
GetMenuState
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MsgWaitForMultipleObjects
GetGUIThreadInfo
GetWindowThreadProcessId
CallWindowProcA
MessageBoxA
MessageBoxTimeoutA

gdi32

SetBkColor
SetTextColor
GetClipBox
DeleteDC
DeleteObject
CreateBitmap
Escape
PtVisible
ExtTextOutA
TextOutA
GetStockObject
GetObjectA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectObject
RestoreDC
SaveDC
RectVisible
GetDeviceCaps

advapi32

LookupPrivilegeValueA
RegOpenKeyA
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegCloseKey

rasapi32

RasDialA
RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA
RasGetConnectStatusA
RasHangUpA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

select
closesocket
recv
send
connect
gethostname
ioctlsocket
gethostbyname
WSASetLastError
socket
setsockopt
WSACleanup
WSAStartup
htons

wininet

InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
FtpDeleteFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetFindNextFileA
FtpFindFirstFileA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA

Exports

Exports

k

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3d187d9c92e46d03012b55f576dccd9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

rasapi32

comdlg32

winspool.drv

comctl32

wsock32

wininet

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 104KB - Virtual size: 158KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 104KB - Virtual size: 158KB

.reloc
Size: 16KB - Virtual size: 14KB