blackmoon | 6b3a8f0f9733c288334445b56a84e171e8f277d30d8fadb3c4f43394c91bc540

Sharing

Copy URL Twitter E-mail

General

Target

6b3a8f0f9733c288334445b56a84e171e8f277d30d8fadb3c4f43394c91bc540
Size

4.0MB
MD5

e3aa19ccd7229d19494eb3ef35a7af86
SHA1

c9bdfbeb055dc197060bf1686cdca05fb8ec74ef
SHA256

6b3a8f0f9733c288334445b56a84e171e8f277d30d8fadb3c4f43394c91bc540
SHA512

31d266654f20d7b56428eee5709f0f55d98f00b5b1aebb94ecb6abbd2fcd7a55825e854e4ec838a314e88c02cd206371f4a94a47be49d136118d65176055946b
SSDEEP

49152:ClwF8FZjpg81a2qs9l49gJ/PQp+j6uYKLsRFCQxdc6tn0un9Gsy7lsoHM+vU5wdP:P8HNtZz9l4lvuZkFO2/E7tUWdPH

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b3a8f0f9733c288334445b56a84e171e8f277d30d8fadb3c4f43394c91bc540

Files

6b3a8f0f9733c288334445b56a84e171e8f277d30d8fadb3c4f43394c91bc540
.exe windows:4 windows x86

9d430cb8e8ebaf2d726023be211a226c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalMemoryStatusEx
Module32Next
CreateToolhelp32Snapshot
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetFileAttributesA
UnhandledExceptionFilter
GetDiskFreeSpaceExA
GetACP
TerminateProcess
HeapSize
RaiseException
RtlUnwind
CreateFileA
Process32First
Process32Next
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
VirtualAlloc
VirtualFree
GetCurrentProcessId
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetStdHandle
WriteFile
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTickCount
GetLocalTime
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetModuleHandleA
Sleep
IsDebuggerPresent
CreateEventA
OpenEventA
CreateMutexA
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
FreeEnvironmentStringsA
VirtualProtect
CloseHandle
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetCurrentThreadId
LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers

user32

DrawTextA
GrayStringA
DispatchMessageA
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
TranslateMessage
CallWindowProcA
GetSystemMetrics
PeekMessageA
OpenClipboard
EmptyClipboard
CloseClipboard
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
wsprintfA
MessageBoxA
GetWindowInfo
CreateWindowStationA
EnableWindow
GetParent
IsWindowEnabled
GetForegroundWindow
SetForegroundWindow
SetWindowsHookExA
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
TabbedTextOutA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetDlgCtrlID
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
PtInRect
ClientToScreen
DestroyMenu

advapi32

RegEnumKeyA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

WSAStartup
closesocket
socket
htons
inet_addr
connect
gethostbyname
send
recv
getsockname
ntohs
WSAAsyncSelect
select
WSACleanup

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
GetObjectA
Escape

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 348KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d430cb8e8ebaf2d726023be211a226c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

gdi32

winspool.drv

comctl32

Sections

.text Size: 348KB - Virtual size: 345KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 3.6MB - Virtual size: 3.7MB

.rsrc Size: 4KB - Virtual size: 596B

.text
Size: 348KB - Virtual size: 345KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 3.6MB - Virtual size: 3.7MB

.rsrc
Size: 4KB - Virtual size: 596B