blackmoon | 74260ae8ee8337a52c71c8ef927c2efa4b067fca174f7ae5f56d0a67dd882423 | Triage

Sharing

General

Target

74260ae8ee8337a52c71c8ef927c2efa4b067fca174f7ae5f56d0a67dd882423
Size

9.0MB
MD5

83410c203b78886dbaf17891a59d42c5
SHA1

f52fcb2ef8b9bc67cff9f56d54a9919a841072d5
SHA256

74260ae8ee8337a52c71c8ef927c2efa4b067fca174f7ae5f56d0a67dd882423
SHA512

18baf7b8cf503617ae7968f73197363346739c848b70982c23b8d3e117389e5c39b1fa00baff61e1442c936dfdcd3f4ac81d3329778e7b871c3491a3b8c10545
SSDEEP

196608:60FEzsFqfCZPyF4yog1TEwA4oWfKKw8/hwtXVqrYGsQA059bGILFncoQiEepkM+M:QoYCZaF4y5Ed1cK8hwtRHQA059tCepkC

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
74260ae8ee8337a52c71c8ef927c2efa4b067fca174f7ae5f56d0a67dd882423
unpack001/out.upx

Files

74260ae8ee8337a52c71c8ef927c2efa4b067fca174f7ae5f56d0a67dd882423
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ