blackmoon | 8a869ec9ebca5ebab89d133ed96f3c3b6659a2e8ce8a1e77230d7dcac7f25239

Sharing

Copy URL Twitter E-mail

General

Target

8a869ec9ebca5ebab89d133ed96f3c3b6659a2e8ce8a1e77230d7dcac7f25239
Size

552KB
MD5

1a7546ebdf7df9982f2f45b41d855c22
SHA1

943d7f7c75e012ad5f8d95f81f9a8d4b429cb020
SHA256

8a869ec9ebca5ebab89d133ed96f3c3b6659a2e8ce8a1e77230d7dcac7f25239
SHA512

6605bcb350e38d39274e112d73151e97f59c9878194a26eca3ebfa140a2c0d6ab13e03947723a860b54365438ef0d7b2e30758a066b5cf1a7979ed3042b0b297
SSDEEP

12288:WM8tFBnqBFpuxElRdVSFCDJIPds6DLb64Dm4TR5nWFpPoS0:WM8nBnqBFpuKlRHSoDJIP66DvHDm3be

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a869ec9ebca5ebab89d133ed96f3c3b6659a2e8ce8a1e77230d7dcac7f25239

Files

8a869ec9ebca5ebab89d133ed96f3c3b6659a2e8ce8a1e77230d7dcac7f25239
.exe windows x86

61f528c51efade871b026af50b6f388b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
Process32First
Process32Next
VirtualAlloc
VirtualFree
GetCurrentProcessId
OpenFileMappingA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LCMapStringA
FreeLibrary
GetModuleFileNameA
GetPrivateProfileStringA
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
GetLocalTime
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
SetErrorMode
lstrcatA
lstrcpyA
GetCurrentThreadId
GetDiskFreeSpaceExA
LocalAlloc
LocalFree
TlsAlloc
WritePrivateProfileStringA
GlobalUnlock
GlobalHandle
TlsFree
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
HeapSize
TerminateProcess
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
ReadConsoleA
GetStdHandle
WriteFile
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetProcAddress
LoadLibraryA
GetModuleHandleA
RtlMoveMemory
lstrcpynA
WideCharToMultiByte
lstrlenW
GetTickCount
CloseHandle
Sleep
CreateEventA
OpenEventA
CreateMutexA
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileMappingA
GlobalMemoryStatusEx
Module32Next
CreateToolhelp32Snapshot
GetFileAttributesA
VirtualProtect

user32

GetDlgCtrlID
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
GetClassLongA
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetWindowTextA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
LoadStringA
UnhookWindowsHookEx
SendMessageA
GetKeyState
CallNextHookEx
SetWindowsHookExA
SetForegroundWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetLastActivePopup
GetWindow
GetClassNameA
GetWindowThreadProcessId
CreateWindowStationA
GetAsyncKeyState
FindWindowExA
GetParent
GetWindowTextLengthW
GetWindowTextW
GetWindowInfo
MessageBoxA
wsprintfA
CloseClipboard
EmptyClipboard
OpenClipboard
GetMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

PathFileExistsA

ws2_32

recv
getsockname
ntohs
send
select
WSAStartup
socket
gethostbyname
connect
htons
inet_addr
WSACleanup
closesocket
WSAAsyncSelect

gdi32

SetTextColor
SetBkColor
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetClipBox
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
GetObjectA
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

psapi

GetProcessImageFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ord17

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61f528c51efade871b026af50b6f388b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

gdi32

psapi

winspool.drv

comctl32

Sections

.text Size: 352KB - Virtual size: 351KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 168KB - Virtual size: 266KB

.rsrc Size: 4KB - Virtual size: 640B

.text
Size: 352KB - Virtual size: 351KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 168KB - Virtual size: 266KB

.rsrc
Size: 4KB - Virtual size: 640B