blackmoon | tmp

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

2.2MB
MD5

6c4aa8255e878893238d9d7c46594409
SHA1

3e7c7e3e6465de376c25faeb1193b09525385ead
SHA256

55ac28e0ee392e64e273b11e4b6ea2455cfe57395f2da35540b95f7c4d9e4046
SHA512

26e0b2174d00f7efa4e026eb027dd98327dd472547972ae5f02129aa87dd25b8c1d70bf17dc0cd5afc9986d662b748c33eef319b71799f906d984450e3dffc74
SSDEEP

24576:kdVpasknxaPeDJXXVr6fqkWj9FYnvHmerRW6RGieK8PEMoXsQnBXrP3I2IvrrP3v:Mx0J1HiHg6RUFEMusQn5r422rTm27

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Files

tmp
.exe windows x86

e12d7de0ca574bbf3e1a4625a241f333

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:1f:63:a5:0a:26:ef:ce:19:5c:ea:d3:e0:a7:e6:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-11-2020 00:00

Not After

19-09-2023 23:59

Subject

SERIALNUMBER=91440400553658152A,CN=珠海市澜海信息科技有限公司,O=珠海市澜海信息科技有限公司,L=珠海市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e78fa0e6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:d4:93:74:91:35:62:a9:8c:d7:7b:ec:07:fa:a9:dd
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-11-2020 00:00

Not After

19-09-2023 23:59

Subject

SERIALNUMBER=91440400553658152A,CN=珠海市澜海信息科技有限公司,O=珠海市澜海信息科技有限公司,L=珠海市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e78fa0e6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:15:38:4c:c9:22:16:e9:3f:a3:76:78:fc:39:ac:27:6f:c2:18:b3:3c:78:ce:11:ad:52:23:70:c9:2f:da:11
Signer

Actual PE Digest

52:15:38:4c:c9:22:16:e9:3f:a3:76:78:fc:39:ac:27:6f:c2:18:b3:3c:78:ce:11:ad:52:23:70:c9:2f:da:11

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440400553658152A,CN=珠海市澜海信息科技有限公司,O=珠海市澜海信息科技有限公司,L=珠海市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e78fa0e6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

30-04-2023 03:31
Valid: true

Chain 1

SERIALNUMBER=91440400553658152A,CN=珠海市澜海信息科技有限公司,O=珠海市澜海信息科技有限公司,L=珠海市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e78fa0e6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

1c:f9:de:fb:5a:86:48:e4:a4:79:e7:cc:01:cf:ec:6e:cf:fa:42:ad
Signer

Actual PE Digest

1c:f9:de:fb:5a:86:48:e4:a4:79:e7:cc:01:cf:ec:6e:cf:fa:42:ad

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=91440400553658152A,CN=珠海市澜海信息科技有限公司,O=珠海市澜海信息科技有限公司,L=珠海市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e78fa0e6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

30-04-2023 03:31
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetCommandLineA
GetTickCount
CreateFileA
WriteFile
DeleteFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CloseHandle
IsBadReadPtr
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
SetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
HeapFree
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
LocalFree
GetLastError
lstrcpynA
lstrcpyA
LocalAlloc
GetCurrentProcess
SetFilePointer
FlushFileBuffers
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
lstrcatA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
GetSystemTime
GetLocalTime
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
Sleep

user32

ClientToScreen
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetWindow
GetSystemMetrics
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
GetWindowRect
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetClassLongA
GetDlgCtrlID
GetWindowTextA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
SetWindowTextA
PtInRect
GetClassNameA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
FindWindowA
CreateWindowExA
UnregisterClassA

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetObjectA
GetStockObject
SetBkColor
SelectObject
CreateBitmap
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

oleaut32

VariantTimeToSystemTime

shlwapi

PathFileExistsA

rasapi32

RasGetConnectStatusA
RasHangUpA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

WSAStartup
WSACleanup
select
recv
send
closesocket

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetOpenA

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e12d7de0ca574bbf3e1a4625a241f333

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

02:1f:63:a5:0a:26:ef:ce:19:5c:ea:d3:e0:a7:e6:d6Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0f:d4:93:74:91:35:62:a9:8c:d7:7b:ec:07:fa:a9:ddCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

52:15:38:4c:c9:22:16:e9:3f:a3:76:78:fc:39:ac:27:6f:c2:18:b3:3c:78:ce:11:ad:52:23:70:c9:2f:da:11Signer

Signature Validations

Verification

30-04-2023 03:31 Valid: true

Chain 1

1c:f9:de:fb:5a:86:48:e4:a4:79:e7:cc:01:cf:ec:6e:cf:fa:42:adSigner

Signature Validations

Verification

30-04-2023 03:31 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

shlwapi

rasapi32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 2.1MB - Virtual size: 2.1MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

02:1f:63:a5:0a:26:ef:ce:19:5c:ea:d3:e0:a7:e6:d6
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0f:d4:93:74:91:35:62:a9:8c:d7:7b:ec:07:fa:a9:dd
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

52:15:38:4c:c9:22:16:e9:3f:a3:76:78:fc:39:ac:27:6f:c2:18:b3:3c:78:ce:11:ad:52:23:70:c9:2f:da:11
Signer

30-04-2023 03:31
Valid: true

1c:f9:de:fb:5a:86:48:e4:a4:79:e7:cc:01:cf:ec:6e:cf:fa:42:ad
Signer

30-04-2023 03:31
Valid: false

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 2.1MB - Virtual size: 2.1MB