Behavioral task: behavioral1
Sample: brunoHacker.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: brunoHacker.exe
Resource: win10v2004-20230220-en
General
Target: brunoHacker.exe
Size: 408KB
MD5: cda724098f73a391b79378ef37177297
SHA1: c452c06614d914765eda8c33b7e618bdcddee50e
SHA256: 6e61574af212af8a984e691c74b9bbd91d52285acd60fb778629e9bf13262b2b
SHA512: 685f166a531911801fafaef22ddb91b43f040a7fe24a06c02c9bfd0db1b04b3982dbcb907b255fa93174f813aa754483d237a9173cc7788f44f41531ba680e1e
SSDEEP: 6144:c2GWQGcZTVN+0yB6oJrcR/QRqrGj7LWd1ZDg7HHEqrGjG5vYEA:c2zQGyTVVYJrjqrG7uMHEqrGkvYE
Malware Config
Signatures
Blackmoon family

Detect Blackmoon payload (1 IoCs)
Processes:
resource: sample, yara_rule: family_blackmoon

Gh0st RAT payload (1 IoCs)
Processes:
resource: sample, yara_rule: family_gh0strat

Gh0strat family

Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource: brunoHacker.exe
Files
brunoHacker.exe.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 268KB - Virtual size: 356KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE