blackmoon | brunoHacker[.]exe | Triage

Sharing

General

Target

brunoHacker.exe
Size

408KB
MD5

cda724098f73a391b79378ef37177297
SHA1

c452c06614d914765eda8c33b7e618bdcddee50e
SHA256

6e61574af212af8a984e691c74b9bbd91d52285acd60fb778629e9bf13262b2b
SHA512

685f166a531911801fafaef22ddb91b43f040a7fe24a06c02c9bfd0db1b04b3982dbcb907b255fa93174f813aa754483d237a9173cc7788f44f41531ba680e1e
SSDEEP

6144:c2GWQGcZTVN+0yB6oJrcR/QRqrGj7LWd1ZDg7HHEqrGjG5vYEA:c2zQGyTVVYJrjqrG7uMHEqrGkvYE

Score

10^/10

blackmoon gh0strat

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon
Gh0st RAT payload 1 IoCs

Processes:

resource yara_rule

sample family_gh0strat
Gh0strat family
gh0strat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

brunoHacker.exe

Files

brunoHacker.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE