Behavioral task
behavioral1
Sample
02b5749599631d952bc56a767cd049a4ddcf9c333d4198cf7c2393ac164c6e11.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
02b5749599631d952bc56a767cd049a4ddcf9c333d4198cf7c2393ac164c6e11.exe
Resource
win10v2004-20230220-en
General
-
Target
02b5749599631d952bc56a767cd049a4ddcf9c333d4198cf7c2393ac164c6e11
-
Size
60KB
-
MD5
f30302ed8428c964902d42d2bc489092
-
SHA1
3486d30acae9689167e062c9568398b4de084feb
-
SHA256
02b5749599631d952bc56a767cd049a4ddcf9c333d4198cf7c2393ac164c6e11
-
SHA512
819832506436b36febc3f0df5866830f4492fa480fb877580604eb864623ba39d83151cba310b679e64e0252fce2d31e1582fe116e0ab4b712c2dcfcd412bcbc
-
SSDEEP
768:JKXpNQSz2Ty03MKYB5ceXddRbRiItD9iB9ll1byj6QFztZw:4DXz2Tl8X53dLRttGmOSti
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 02b5749599631d952bc56a767cd049a4ddcf9c333d4198cf7c2393ac164c6e11
Files
-
02b5749599631d952bc56a767cd049a4ddcf9c333d4198cf7c2393ac164c6e11.exe windows x86
422e6575959d594211eadad9ef308086
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CloseHandle
ReadFile
GetFileSize
ExitProcess
GetCommandLineA
GetStringTypeW
GetModuleHandleA
CreateFileA
GetProcessHeap
GetStringTypeA
GetStartupInfoA
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetProcAddress
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers
user32
MessageBoxA
wsprintfA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ