blackmoon | 405142a43e572ce2ad84716fe2fac19b35f788c03f1b88b10d909c880d5fbc99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

405142a43e572ce2ad84716fe2fac19b35f788c03f1b88b10d909c880d5fbc99
Size

527KB
MD5

5cec2b0e8555cae9eb0786e49d1e0126
SHA1

9f304d956c3580cdf41fb4d6ec7cb57d8300a7e3
SHA256

405142a43e572ce2ad84716fe2fac19b35f788c03f1b88b10d909c880d5fbc99
SHA512

4e406a612ce641408049daf665af090706a889e014cfa952e53950ddb5cd13687284908f29eb2cdc95e7b099450242713cc5e25d56bbcf4d01a6740b0e59f6a8
SSDEEP

12288:NrJuzw/FfCyK1bXDoKcn1DLkX1EswB7+871bi5IrnO/:NQMVCyK1gKcn10FEswBh7tCGO/

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
405142a43e572ce2ad84716fe2fac19b35f788c03f1b88b10d909c880d5fbc99
unpack001/out.upx

Files

405142a43e572ce2ad84716fe2fac19b35f788c03f1b88b10d909c880d5fbc99
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 976KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 490KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 752KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ