Behavioral task
behavioral1
Sample
c3dd35e2accbb005e6ccd820c285da21a84c2086784a27797c8831f9b28083ad.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c3dd35e2accbb005e6ccd820c285da21a84c2086784a27797c8831f9b28083ad.exe
Resource
win10v2004-20230220-en
General
-
Target
c3dd35e2accbb005e6ccd820c285da21a84c2086784a27797c8831f9b28083ad
-
Size
56KB
-
MD5
9e80c60c76c2b36cc477a82b54da5f6a
-
SHA1
db60de63640bda96d033b53b92ea0f4ef74e4d99
-
SHA256
c3dd35e2accbb005e6ccd820c285da21a84c2086784a27797c8831f9b28083ad
-
SHA512
2b3f94c2eb1757235ebbab57c40224e3cd09ab1272791159ade8894c7da4a8b503fdf15a1013e6247741b30cb05db6ea68b457464bd1f625ed8c1466577efb91
-
SSDEEP
768:5y8WfuTSqH6ROcwGASxU9iCbFiB9W10xRUWWx6FztCA:2fuT3oOYAT9VisCtr
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource c3dd35e2accbb005e6ccd820c285da21a84c2086784a27797c8831f9b28083ad
Files
-
c3dd35e2accbb005e6ccd820c285da21a84c2086784a27797c8831f9b28083ad.exe windows x86
422e6575959d594211eadad9ef308086
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CloseHandle
ReadFile
GetFileSize
ExitProcess
GetCommandLineA
GetStringTypeW
GetModuleHandleA
CreateFileA
GetProcessHeap
GetStringTypeA
GetStartupInfoA
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetProcAddress
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers
user32
MessageBoxA
wsprintfA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ