blackmoon | 5f381a7fa29fddcbf6b77a42d11ef6b25bbe749a09dd24e6cd299a39cdb7cbe3

General

Target

5f381a7fa29fddcbf6b77a42d11ef6b25bbe749a09dd24e6cd299a39cdb7cbe3
Size

2.1MB
MD5

ba19b84f3281ba1c4304c55021fd91ba
SHA1

6e3ea66b1c30da06f0181096c4c8717b4151f5dc
SHA256

5f381a7fa29fddcbf6b77a42d11ef6b25bbe749a09dd24e6cd299a39cdb7cbe3
SHA512

6d96e2080ec3fcfb0d020cd5075105e880c82d8dbccf224d88ea4d2fab901450900b12631cba30de88dd18918bf811e0ec30a8a816405ad80880a87bd431a9c5
SSDEEP

49152:Cfs5h65WtjrvcvbDRBGlPh7pYFMXseh6KFCplgiFyn1AuOm:B5h68j7cvnL2WFMX+KFwlJFsAu5

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

5f381a7fa29fddcbf6b77a42d11ef6b25bbe749a09dd24e6cd299a39cdb7cbe3
.exe windows x86

6a34986fc568ec290940326aa9aeaa9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
DeleteFileA
CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
GetModuleHandleA
SetFileAttributesA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetProcessHeap
RtlMoveMemory
lstrcpyn
TerminateProcess
WaitForSingleObject
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
MoveFileA
GetLocalTime

user32

wsprintfA
MessageBoxA
wvsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

advapi32

CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA

msvcrt

_atoi64
_ftol
atoi
_CIpow
modf
floor
_CIfmod
strncpy
??3@YAXPAX@Z
strncmp
??2@YAPAXI@Z
__CxxFrameHandler
strrchr
strchr
realloc
memmove
calloc
free
sprintf
malloc

shlwapi

PathFileExistsA

shell32

ShellExecuteA

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a34986fc568ec290940326aa9aeaa9e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

shlwapi

shell32

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 1024B - Virtual size: 756B

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 1024B - Virtual size: 756B