blackmoon | 18d3f51c93220d5459ed96277e6fa4a143c0cb8fcf367e6596ac02f2f1e3f98f | Triage

Sharing

General

Target

18d3f51c93220d5459ed96277e6fa4a143c0cb8fcf367e6596ac02f2f1e3f98f
Size

2.2MB
MD5

f0b18df75f6cf98239e15b9baf504468
SHA1

090442e7acd656c4a21b22e7cde7d594e24a8054
SHA256

18d3f51c93220d5459ed96277e6fa4a143c0cb8fcf367e6596ac02f2f1e3f98f
SHA512

f7169b15d35422374d84cca9fdd98337f1a04e47ee0e9d065c6bfd934b3edd71e49f10ceb832f104f6b10188f9f4ab67da333f33da65a86c46b0dcd703537708
SSDEEP

24576:44FOQMEUmzzBAFx0iRZ8cSP1duq6roEqzTWtR5j8XPAlJ+d1MYTM4v/+AyeuYPJq:ptUhFx0NlNNClnXd7Elhm23am4zy2JfP

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18d3f51c93220d5459ed96277e6fa4a143c0cb8fcf367e6596ac02f2f1e3f98f

Files

18d3f51c93220d5459ed96277e6fa4a143c0cb8fcf367e6596ac02f2f1e3f98f
.exe windows:4 windows x86

9ab46ec246c74ed97212dc7f8ee76d7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetEnvironmentVariableW
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
ExitProcess
MultiByteToWideChar
GetProcessHeap
GetModuleHandleA
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetTickCount
GetModuleFileNameA
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
SetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA

shell32

SHChangeNotify
ShellExecuteExW

msvcrt

??3@YAXPAX@Z
memmove
__CxxFrameHandler
srand
rand
atoi
_ftol
strchr
malloc
strncmp
free

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ