Behavioral task: behavioral1
Sample: 5b07fff53cdb59d840cced6bc7ec88182252d0c291f56e2757c7dc7af0fb1e29.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: 5b07fff53cdb59d840cced6bc7ec88182252d0c291f56e2757c7dc7af0fb1e29.exe
Resource: win10v2004-20230703-en
General
- Target: 5b07fff53cdb59d840cced6bc7ec88182252d0c291f56e2757c7dc7af0fb1e29
- Size: 247KB
- MD5: 70778f37d0acc748ace69222a3079a7f
- SHA1: 74a3789181c496932678273dbfaa5419b8739d8f
- SHA256: 5b07fff53cdb59d840cced6bc7ec88182252d0c291f56e2757c7dc7af0fb1e29
- SHA512: 1cca999c9a646d7bdf7b26a2a49b0133a16b0205917a353a0b6dcec35ac3be85fd45c6857e20cb6b4c93f59fe674f25f3fc13569ac9e4be5100a85035d4794dc
- SSDEEP: 6144:vurxp6XMqtANBN9YVA264GXEh/uug2VWR:vu1pSMMANBN9YWEG0h/uug2VWR
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: yara_rule sample family_blackmoon
- Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource: 5b07fff53cdb59d840cced6bc7ec88182252d0c291f56e2757c7dc7af0fb1e29
Files
- 5b07fff53cdb59d840cced6bc7ec88182252d0c291f56e2757c7dc7af0fb1e29.exe (windows x86)
  c6cdf16c70c6a4996b5451bd16878e4e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateMutexA
OpenFileMappingA
CreateFileMappingA
OpenEventA
CreateEventA
VirtualProtect
GetFileAttributesA
CreateToolhelp32Snapshot
Module32Next
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateFileA
Process32First
Process32Next
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
CreateWaitableTimerA
SetWaitableTimer
lstrcpyn
GetProcessHeap
GetModuleHandleA
ExitProcess
VirtualFree
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
WriteFile
GetStdHandle
ReadConsoleA
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
HeapAlloc
IsDebuggerPresent
user32
GetClassNameA
CreateWindowStationA
GetWindowThreadProcessId
MessageBoxA
GetWindowTextA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
wsprintfA
IsWindowVisible
shell32
ShellExecuteA
wininet
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
ws2_32
inet_addr
htons
socket
WSAStartup
connect
gethostbyname
send
recv
getsockname
ntohs
WSAAsyncSelect
select
WSACleanup
closesocket
msvcrt
_getch
memmove
realloc
strchr
strrchr
modf
_atoi64
??2@YAPAXI@Z
strncmp
sprintf
__CxxFrameHandler
??3@YAXPAX@Z
free
malloc
atoi
_ftol
_CIfmod
strtod
strncpy
Sections
.text Size: 223KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ