Behavioral task: behavioral1
Sample: 6f9052aff3e54c28a7dc8174b785f9c82aba414104bbc864ceec0b4f57a52f1f.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 6f9052aff3e54c28a7dc8174b785f9c82aba414104bbc864ceec0b4f57a52f1f.exe
Resource: win10v2004-20230220-en
General
Target: 6f9052aff3e54c28a7dc8174b785f9c82aba414104bbc864ceec0b4f57a52f1f
Size: 56KB
MD5: 4485cea7973d6e6ae45982ee6c6b8fd7
SHA1: 7d8197103861fd6711509c1a35aac38addaed2ce
SHA256: 6f9052aff3e54c28a7dc8174b785f9c82aba414104bbc864ceec0b4f57a52f1f
SHA512: 2c76169cd5d597f699dfc51b21a252c8ecf092040c1daf92da1b17cf90b93fd1b35cefbd0dd2a2fc0acbba822e4c08e1ce5ce10f9537c48f57361cb51c7a3bff
SSDEEP: 768:VJQbdoiT+BiGcNiRJtmviiEiB9b1CRaWHKFt/Q:b0oiTzGcWivDivytI
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
Processes: resource: sample, yara_rule: family_blackmoon
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes: resource: 6f9052aff3e54c28a7dc8174b785f9c82aba414104bbc864ceec0b4f57a52f1f
Files
6f9052aff3e54c28a7dc8174b785f9c82aba414104bbc864ceec0b4f57a52f1f.exe windows x86 34c37496698b7c9e0ed7ace0979e5831
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
ExitProcess
GetStringTypeW
GetModuleHandleA
GetProcessHeap
GetStringTypeA
GetStartupInfoA
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
SetFilePointer
GetProcAddress
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers
user32
MessageBoxA
wsprintfA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ