blackmoon | 52baac0977fc8dea3af9e863df7796de9bc1165c633447913f5202a7c03678a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52baac0977fc8dea3af9e863df7796de9bc1165c633447913f5202a7c03678a9
Size

212KB
MD5

3963c404e317ab2be1f9f1e85e3b15f0
SHA1

53fcc3a4a8afbf82a55df4bcf672ee3af6231a7d
SHA256

52baac0977fc8dea3af9e863df7796de9bc1165c633447913f5202a7c03678a9
SHA512

66693c403cade570c9566f9e5316adac79ed5fa28dbec8ebf189b909f4d3a08a3f767631b80fa10c110d6e30b2354d482c8914a9ec8ce92285731af5e87b555e
SSDEEP

3072:GbnVFk7K1LSaJ8f5qZEpadUNUVICN/IDnVsDjsGrsB9sY6OfBk9aUSo:eVaCSaJ25qZwadX/w6sGrsLsYJBk9I

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

52baac0977fc8dea3af9e863df7796de9bc1165c633447913f5202a7c03678a9
.dll windows x86

98cb8a59e4860ab9024134d1e4a9f113

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strrchr
_adjust_fdiv
malloc
_initterm
free
_ftol
realloc

kernel32

VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
LoadLibraryA

user32

PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMessageA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ