blackmoon | c5b259bcad6846_JC[.]exe | Triage

Sharing

General

Target

c5b259bcad6846_JC.exe
Size

955KB
MD5

c5b259bcad68460451249aa9ff5d4c59
SHA1

a53ccd534ef8d5c61e807972339fd8cbfd3999cc
SHA256

deae486211d65cf112af12f8481f1cba5330203706e372da16abb6c2d9b859b2
SHA512

f2dc7c4bb295c24be10063521be2956ab44c6f6e0d17f973816eaa537c92a4cf73f620ca176f671a3516e9766cc86d56fc639f2fb3077db0a859a658f3e85178
SSDEEP

24576:9bByA20GK5jcAkSYqyEPa9dsTcQ7IwMpKI:9bYA7pYqi9dsTh7Iwi

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

c5b259bcad6846_JC.exe

Files

c5b259bcad6846_JC.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE