blackmoon | 29de9b3ac8bba03341eaed5e56f778f15e87e21fd491c9e16f09eb29f3a8af91 | Triage

Sharing

General

Target

29de9b3ac8bba03341eaed5e56f778f15e87e21fd491c9e16f09eb29f3a8af91
Size

2.6MB
MD5

fd385c3bb500050a1ad57d789c9a525d
SHA1

330455acc3f745f3bce56c1c29fbc036551fdc19
SHA256

29de9b3ac8bba03341eaed5e56f778f15e87e21fd491c9e16f09eb29f3a8af91
SHA512

e1013654373fce589bdeed0ab3d873b6119e4eaabb02992416d825f46f3790e34f8b62fce68784a24e7623ab79610a051bfac00cb06dd9c6fd2609a3d0c5f5c7
SSDEEP

49152:NehxOedIU7nAOXIt2tlixVgKF6M+/kuGk5hfephoAoaBZy2CbgFZSDRzVa5hSjC:Neh8edn7nbItMliXgKFN+fHshL1TqgFl

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
29de9b3ac8bba03341eaed5e56f778f15e87e21fd491c9e16f09eb29f3a8af91
unpack001/out.upx

Files

29de9b3ac8bba03341eaed5e56f778f15e87e21fd491c9e16f09eb29f3a8af91
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 756KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ