Behavioral task
behavioral1
Sample
971b4c036aacae1cf4099c4894c139fa5f1c37c8def0c6d55c59b6c86890c774.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
971b4c036aacae1cf4099c4894c139fa5f1c37c8def0c6d55c59b6c86890c774.exe
Resource
win10v2004-20230221-en
General
-
Target
971b4c036aacae1cf4099c4894c139fa5f1c37c8def0c6d55c59b6c86890c774
-
Size
202KB
-
MD5
0568b512a59c9db62aa91c8ef18e862c
-
SHA1
5852df766674de31b7af25cff4c87bab1f2ba43d
-
SHA256
971b4c036aacae1cf4099c4894c139fa5f1c37c8def0c6d55c59b6c86890c774
-
SHA512
513b08b3e3b22ef152aa963225c4851ea16a65197e6f28fd7056c94ed1a13c80a956476f61c73641cb7dda6306ec18351c370455fb9442e6e86ebfe607d5388b
-
SSDEEP
3072:WmhFlEiEuuo6QW/+17Eq6tVv9mL81gfECQ:WmhFlEQuN+TOlma
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 971b4c036aacae1cf4099c4894c139fa5f1c37c8def0c6d55c59b6c86890c774
Files
-
971b4c036aacae1cf4099c4894c139fa5f1c37c8def0c6d55c59b6c86890c774.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 22KB - Virtual size: 120KB
Size: 236KB - Virtual size: 4B
Size: - Virtual size:
IMAGE_SCN_CNT_INITIALIZED_DATA
Size: - Virtual size: