blackmoon | 6e883f7c3e98c78cb9865200343172131f13a9fa904daf93a1e634ba0235de12 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6e883f7c3e98c78cb9865200343172131f13a9fa904daf93a1e634ba0235de12
Size

3.6MB
MD5

461ce468484e3998b1c72791198c9d64
SHA1

7b5c4cba9feaf3143b976de33af52ec743c88c2f
SHA256

6e883f7c3e98c78cb9865200343172131f13a9fa904daf93a1e634ba0235de12
SHA512

bad99144dee744ea53f56f4be8bf9a9997e9681cbfafda7c5c1047fc4ee378b68ede7927bff67cc2f1b1e0b1fb752f5dd0fc0d57e0f318f2c754c163c0dee4ea
SSDEEP

98304:vcO1dFdskcqP6QnCI8t7HUhEpTppWSU/uyQW:vcOXPpTwzUhEpTHWSI

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

6e883f7c3e98c78cb9865200343172131f13a9fa904daf93a1e634ba0235de12
.dll windows x86

a757c6f41f7ec36d1ba116e986ce279f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CreateFileA
GetTickCount
GetCommandLineA
GetProcessHeap
GetProcAddress
LCMapStringA
DeleteCriticalSection
CreateThread
TerminateProcess
GetModuleFileNameA
OpenProcess
GetModuleHandleA
GetCurrentProcessId
CloseHandle
Sleep

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
IsWindow
FindWindowA

msvcrt

_atoi64
_ftol
atof
_CIpow
rand
modf
free
malloc
strncmp
__CxxFrameHandler
memmove
??2@YAPAXI@Z
strrchr
sprintf
??3@YAXPAX@Z

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Exports

Exports

te

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ