blackmoon | b682ada63ea768b89b2ad82b870c8a527b5b62d0adf6322c79cb181e17d040e4

Sharing

Copy URL Twitter E-mail

General

Target

b682ada63ea768b89b2ad82b870c8a527b5b62d0adf6322c79cb181e17d040e4
Size

225KB
MD5

7ba3d3f7d6e6cfc1127400998b122633
SHA1

4919fbbf2020f6d7b82393778a72a9c83e7b7a9a
SHA256

b682ada63ea768b89b2ad82b870c8a527b5b62d0adf6322c79cb181e17d040e4
SHA512

0a3437de2f3ca2a1ebbdd274eea49bd6f317dcec10ec2f60f1bb2d2eb4d5e4d54079ba77ce131ab3e84f10b27310c1c8af8f42cd16103179e1c575463703ca85
SSDEEP

3072:vpifnaoKoJe+cU4kdOyeO1ZXtCl5c2b2J902dVzT1ujtSGUYo+:vofaoKKeJAzZaPlITeSOp

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

b682ada63ea768b89b2ad82b870c8a527b5b62d0adf6322c79cb181e17d040e4
.exe windows x86

490ee25dc593454a16347aa3727b68a0

Code Sign

39:25:3b:b9:d1:a6:1e:74:b7:92:ae:02:4a:85:43:be
Certificate

Issuer

CN=zxcvbnmlkytrrrrrrrrrrrrrrrrrr

Not Before

31/12/2011, 16:00

Not After

31/12/2017, 16:00

Subject

CN=zxcvbnmlkytrrrrrrrrrrrrrrrrrr

Extended Key Usages

ExtKeyUsageCodeSigning

f9:61:b3:8c:83:fd:3d:40:91:d0:c6:93:29:4b:4d:9e:95:28:5e:cb
Signer

Actual PE Digest

f9:61:b3:8c:83:fd:3d:40:91:d0:c6:93:29:4b:4d:9e:95:28:5e:cb

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=zxcvbnmlkytrrrrrrrrrrrrrrrrrr

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
GetCurrentProcess
GetLastError
GetVersionExA
HeapFree
LCMapStringA
GetModuleFileNameA
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
WriteFile
CreateFileA
GetProcAddress
IsBadReadPtr
GetProcessHeap
LocalSize
LocalAlloc
LocalFree
RtlMoveMemory
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
GetModuleHandleA
LoadLibraryA
VirtualAlloc

user32

CheckMenuRadioItem
MsgWaitForMultipleObjects
FindWindowExA
SetForegroundWindow
GetSubMenu
TrackPopupMenu
GetMenuStringA
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
KillTimer
SetTimer
RegisterClassExA
LoadIconA
SetActiveWindow
DispatchMessageA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
PeekMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
GetMenuItemID
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
UnregisterHotKey
RegisterHotKey
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
CopyImage
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetParent
GetWindowRect
GetFocus
SetFocus
IsWindow
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
CallWindowProcA
SendMessageA
EndPaint
BeginPaint
GetInputState
SendMessageTimeoutA
RegisterWindowMessageA
GetClassNameA
CheckMenuItem

advapi32

RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDList
DragQueryFileA
DragFinish
Shell_NotifyIconA
DragAcceptFiles
ShellExecuteA

ole32

CoUninitialize
CoInitialize

atl

ord42

oleacc

ObjectFromLresult

gdi32

DeleteObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
GetStockObject

oleaut32

SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

490ee25dc593454a16347aa3727b68a0

Code Sign

39:25:3b:b9:d1:a6:1e:74:b7:92:ae:02:4a:85:43:beCertificate

Extended Key Usages

f9:61:b3:8c:83:fd:3d:40:91:d0:c6:93:29:4b:4d:9e:95:28:5e:cbSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

atl

oleacc

gdi32

oleaut32

Sections

.text Size: 148KB - Virtual size: 144KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 60KB - Virtual size: 137KB

.rsrc Size: 4KB - Virtual size: 4KB

39:25:3b:b9:d1:a6:1e:74:b7:92:ae:02:4a:85:43:be
Certificate

f9:61:b3:8c:83:fd:3d:40:91:d0:c6:93:29:4b:4d:9e:95:28:5e:cb
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 60KB - Virtual size: 137KB

.rsrc
Size: 4KB - Virtual size: 4KB