blackmoon | 427486e01fe35b99aacf88b0e0e43cbbd34cfbe1a9e1307d71add9926c13ec64 | Triage

Sharing

General

Target

427486e01fe35b99aacf88b0e0e43cbbd34cfbe1a9e1307d71add9926c13ec64
Size

20KB
MD5

6bc871d877f91f8632f68a179a025b00
SHA1

3d4ff7db39bd06ca0b8932d1ae5dc313a028f07c
SHA256

427486e01fe35b99aacf88b0e0e43cbbd34cfbe1a9e1307d71add9926c13ec64
SHA512

14170d599a49f0e9eb0a9668b5a72357d7c0ce1fa8fa408345ee174b1a9c21e11acf14800d73f2942d9c35afaff630344e260ac122d6bd4e18a79491ba3851c3
SSDEEP

384:n+Cnjwr+Vt7pzjvpakzol2/Kawwln8JC7mAUmfjDphm:n+CjwWVZcda1lnWAUm7D

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
427486e01fe35b99aacf88b0e0e43cbbd34cfbe1a9e1307d71add9926c13ec64

Files

427486e01fe35b99aacf88b0e0e43cbbd34cfbe1a9e1307d71add9926c13ec64
.exe windows x86

594c994fb9bbbcaef4ffbae1d7264a1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
DeleteFileA
GetCommandLineA
FreeLibrary
GetProcAddress
ExitProcess
DeleteCriticalSection
CreateThread
CloseHandle
GetProcessHeap
GetModuleHandleA
MultiByteToWideChar
VirtualAllocEx
FindClose
FindFirstFileW
LoadLibraryA

user32

GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage
PeekMessageA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

msvcrt

??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
_ftol
strchr
atoi
modf
free
sprintf

shlwapi

PathFileExistsA

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ