blackmoon | 69b8dbf11ef3357dd2ba01aeeffb12f4e589a05ef8488a59e3e963b43de0c16e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69b8dbf11ef3357dd2ba01aeeffb12f4e589a05ef8488a59e3e963b43de0c16e
Size

311KB
MD5

7c1d32fe040ee91324db8677f2388991
SHA1

b16e3df561c2c4c6ce28301b109226de799d6813
SHA256

69b8dbf11ef3357dd2ba01aeeffb12f4e589a05ef8488a59e3e963b43de0c16e
SHA512

0fde69cf6a3a1f40ec85f9f2e99c6842972c8aa067cc5c621ee05dd3e34c3815df5109eb302f2e9c166b5c6dc0fff69edc7d47b395e2277bc0308b699e7bb61c
SSDEEP

6144:pxocXviDiiwoTiwvnC322DTxOcbOuZ56maQ8vnPv4RqjA56dgqMN3F:pxoiaDiiwoTiwvnC322DTxOKVaQsqN1

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69b8dbf11ef3357dd2ba01aeeffb12f4e589a05ef8488a59e3e963b43de0c16e

Files

69b8dbf11ef3357dd2ba01aeeffb12f4e589a05ef8488a59e3e963b43de0c16e
.exe windows x86

ad1b2a00ce393648beb7b7d3755a7752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA
GetWindowThreadProcessId

kernel32

CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA

msvcrt

modf
_ftol
free
malloc
sprintf
strchr
atoi
realloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ