blackmoon | 53fff9337c461ac70fd7cf955e28ed5491d510c8c0751ffc5399a9afe5fb1c92

Resubmissions

24-06-2023 18:32

230624-w6wdaaca62 10

24-06-2023 18:23

230624-w1la5adb3t 10

Sharing

Copy URL

Twitter E-mail

General

Target

53fff9337c461ac70fd7cf955e28ed5491d510c8c0751ffc5399a9afe5fb1c92
Size

3.9MB
MD5

0f960403760090619b597c4ffd500b66
SHA1

7b3fcd7f5e759d0cfb81ac6b8a4061e49a63596f
SHA256

53fff9337c461ac70fd7cf955e28ed5491d510c8c0751ffc5399a9afe5fb1c92
SHA512

bdb2be2d0cbbd8d25e0041fd3f931b06bceb1f9801328d3f4c48a368517684c2d366925564bb1a8365b0677c8ffc55660a37d6816dddf735c0509bb0e6923d82
SSDEEP

49152:eC/pVUOajTbpPHiHvVEgHztu+thX44ifGJtSqeQLgza6BDm5TN+IMUu9+d1cL+N:xBuh18VzArOSqeDalc6dF

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
53fff9337c461ac70fd7cf955e28ed5491d510c8c0751ffc5399a9afe5fb1c92

Files

53fff9337c461ac70fd7cf955e28ed5491d510c8c0751ffc5399a9afe5fb1c92
.exe windows x86

3c9f5b819c2a7178a118a27fa941a344

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleInputA
LCMapStringA
LoadLibraryA
FreeLibrary
GetStartupInfoA
CopyFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
CreateFileA
GetFileSize
ReadFile
WriteFile
SetFilePointer
GlobalLock
GlobalUnlock
GetUserDefaultLCID
GetModuleFileNameA
Sleep
ReadConsoleA
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
VirtualProtect
FlushInstructionCache
VirtualFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetThreadTimes
OpenThread
lstrcpyn
ExitThread
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
lstrcmpiA
ExitProcess
VirtualAlloc
TlsSetValue
TlsGetValue
TlsAlloc
Module32Next
Module32First
VirtualQuery
SetEnvironmentVariableA
GetEnvironmentVariableA
TerminateThread
GetExitCodeThread
GetCurrentThread
CreateThread
lstrlenA
GlobalFree
RtlMoveMemory
GlobalAlloc
TerminateProcess
OpenProcess
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
DeleteCriticalSection
WaitForSingleObject
CreateProcessA
GetLocalTime
GetProcessHeap
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
CreateFileW
FindClose
FindFirstFileW
CreateDirectoryW
IsBadCodePtr
IsBadReadPtr
MultiByteToWideChar
LocalFree
LocalAlloc
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatA
GetDateFormatA
WideCharToMultiByte
lstrlenW
GetTickCount
GetCurrentProcessId
SetConsoleMode
GetConsoleMode
GetStdHandle
InitializeCriticalSection
InterlockedExchange
CompareStringW
CompareStringA
GetFileAttributesA
GetLastError
GetVersionExA
GetTempPathA
lstrcpyA
SetLastError
lstrcatA
SizeofResource
LockResource
LoadResource
FindResourceA
GetTimeZoneInformation
GetVersion
GetCurrentDirectoryA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetErrorMode
lstrcpynA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetEndOfFile
GlobalHandle
TlsFree
GlobalReAlloc
LocalReAlloc
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
GetExitCodeProcess

shlwapi

PathIsDirectoryW

ws2_32

bind
inet_ntoa
WSACleanup
gethostbyname
listen
sendto
inet_addr
gethostname
closesocket
connect
htons
socket
getsockname
recvfrom
htonl
ntohs
getpeername
send
WSAStartup
recv
select
__WSAFDIsSet
accept

user32

PostQuitMessage
EnableWindow
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
LoadStringA
GetDlgCtrlID
GetMenuItemCount
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetWindowTextW
GetSystemMenu
EnableMenuItem
GetWindowRect
RedrawWindow
SetWindowTextA
FlashWindowEx
PostMessageA
CharLowerA
WaitForInputIdle
SetWindowPos
SetForegroundWindow
IsWindow
SystemParametersInfoA
GetDC
ReleaseDC
PtInRect
GetWindowLongA
wvsprintfA
MessageBoxA
GetDesktopWindow
GetWindow
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SendMessageA
GetSystemMetrics
GetWindowTextLengthW
GetClassNameA
GetParent
GetWindowThreadProcessId
IsWindowVisible
FindWindowExA
GetWindowTextA
SetWindowLongA
GetSubMenu
GetDlgItem

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetClipBox
OffsetViewportOrgEx
ScaleViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
GetObjectA
RestoreDC
SaveDC
CreateBitmap
SetViewportExtEx
DeleteObject
GetDeviceCaps
SelectObject
DeleteDC

advapi32

CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoSetProxyBlanket
CoUninitialize
CoInitialize

oleaut32

SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SystemTimeToVariantTime
SysFreeString
VariantTimeToSystemTime
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys

winhttp

WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpen
WinHttpCrackUrl
WinHttpSetCredentials
WinHttpConnect
WinHttpCheckPlatform
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpSendRequest

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

.text
Size: 588KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 464KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

3c9f5b819c2a7178a118a27fa941a344

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

ole32

oleaut32

winhttp

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: 588KB - Virtual size: 584KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 464KB - Virtual size: 593KB

.rsrc Size: 2.9MB - Virtual size: 2.8MB

.text
Size: 588KB - Virtual size: 584KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 464KB - Virtual size: 593KB

.rsrc
Size: 2.9MB - Virtual size: 2.8MB