blackmoon | 7581526fe19e3cb74199dca9f279d2b89bab48d2b9c6e7fd2279cbff3cb42254 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7581526fe19e3cb74199dca9f279d2b89bab48d2b9c6e7fd2279cbff3cb42254
Size

2.4MB
MD5

6a56c51d55ca50af8be9b01b84d3d714
SHA1

dc105073482efdccb0e69bc6514af5a59105dedb
SHA256

7581526fe19e3cb74199dca9f279d2b89bab48d2b9c6e7fd2279cbff3cb42254
SHA512

6115dd31e9d94349548e1f9e12581bc26b5ac98b6390496d068dda77fb36be5ef37a369719c227ba9904519bb63537afaed73e1e4f528bba7d996ed8fc262aba
SSDEEP

49152:RT6a9afNkkPjqq7U++g90uAR58CeNzWX1A:RT/9iXJ7U++jUW

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7581526fe19e3cb74199dca9f279d2b89bab48d2b9c6e7fd2279cbff3cb42254

Files

7581526fe19e3cb74199dca9f279d2b89bab48d2b9c6e7fd2279cbff3cb42254
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 109KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Rye
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_MEM_EXECUTE