blackmoon | NA_NA_35c840955f4be7exeexe_JC[.]exe | Triage

Sharing

General

Target

NA_NA_35c840955f4be7exeexe_JC.exe
Size

2.2MB
MD5

35c840955f4be789ddc0e252974171ef
SHA1

c96bb00118c2a129bae0da4696e8f31b028e4a43
SHA256

c3c053e4997390d69fbbc2b81b1452b717bfbe23d27df456b79ac63b04d9527e
SHA512

5bf7df799ca903f7a97725c0644533f74d33df42aa8e629fc0a165eb66d27dc1a787cc72fbab3b9f5dfaea6db2a1137d799093a4de8adabe600f34fbc3183da2
SSDEEP

49152:9bYwI4iheW4SkZP4sz9Mb5eW4SkZP4sz9MbQ:yei1fkZcNfkZcQ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

NA_NA_35c840955f4be7exeexe_JC.exe

Files

NA_NA_35c840955f4be7exeexe_JC.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE