blackmoon | NEAS[.]148ca0d0814389eedd8de544e0dc85f1749e82d7bb7a054f6289756c740e3140_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.148ca0d0814389eedd8de544e0dc85f1749e82d7bb7a054f6289756c740e3140_JC.exe
Size

3.5MB
MD5

ea10ecd6edc97084a6f1d9f62d148f1a
SHA1

4125dcde8fb2eb9be7f3d11fb7892b12bc165e9b
SHA256

148ca0d0814389eedd8de544e0dc85f1749e82d7bb7a054f6289756c740e3140
SHA512

a9cc9928eadfe465ac48ae980fd8984e14238d03c25b3f4ef72a9977c8e4008037cf8db298b6e275b1a3291c094843bcefabd9e13d6d7496d8baa12ece9cb29b
SSDEEP

49152:AZIRVn3avWcw4ZrIPsbvOAnYXR3z53wJWqp:aIXXcwhEzPijE1

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.148ca0d0814389eedd8de544e0dc85f1749e82d7bb7a054f6289756c740e3140_JC.exe

Files

NEAS.148ca0d0814389eedd8de544e0dc85f1749e82d7bb7a054f6289756c740e3140_JC.exe
.exe windows:4 windows x86

351170bd06fb7b0f09af8b953e09d225

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
WriteProcessMemory
SetStdHandle
VirtualQueryEx
CreateFileA
ReadProcessMemory
GetTempPathA
MultiByteToWideChar
SetWaitableTimer
CreateWaitableTimerA
SetProcessWorkingSetSize
Process32Next
Process32First
Module32Next
IsBadCodePtr
WaitForSingleObject
VirtualAllocEx
GetWindowsDirectoryA
CreateThread
VirtualFreeEx
GetNativeSystemInfo
LoadLibraryExA
CreateRemoteThread
GetExitCodeThread
VirtualProtect
RtlFillMemory
ReadFile
GetFileSize
GetUserDefaultLCID
DeviceIoControl
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetEnvironmentVariableA
LCMapStringA
FreeLibrary
Module32First
CreateToolhelp32Snapshot
WideCharToMultiByte
RtlMoveMemory
CloseHandle
IsWow64Process
OpenProcess
SetFileAttributesA
GetProcAddress
DeleteFileA
WriteFile
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetModuleFileNameA
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
lstrcpyn
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA
GetVersion
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCurrentProcess
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
GetCommandLineA
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
GetVersion
GetTimeZoneInformation
SetLastError
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
FindResourceA
LoadResource
LockResource
ReadFile
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CloseHandle
WaitForSingleObject
GetTickCount
GetCommandLineA
MulDiv
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetCurrentDirectoryA
DeleteFileA
MoveFileA
GetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA

user32

IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
ShowWindow
GetWindowPlacement
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
PeekMessageA
GetMessageA
SetWindowPos
SetWindowLongA
TranslateMessage
GetSystemMetrics
GetDlgItem
WinHelpA
FindWindowA
WindowFromPoint
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
SetFocus
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
GetClassInfoA
CallNextHookEx
CreateWindowExA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
SetPropA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
UnregisterClassA
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetDesktopWindow
GetClassNameA
GetDlgItem
GetWindowTextA
GetForegroundWindow
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
ReleaseCapture
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
GetWindowLongA
SendDlgItemMessageA
PtInRect

advapi32

RegCreateKeyExA
RegOpenKeyExA
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
StartServiceA
ControlService
DeleteService
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

gdi32

GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
PathToRegion
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
Rectangle

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17
ImageList_GetImageCount
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Read
ImageList_Duplicate

shlwapi

StrToIntExA
PathFileExistsA

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize
OleInitialize
CLSIDFromString
OleUninitialize

oleaut32

VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantChangeType
SysAllocString
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
SafeArrayCreate
SafeArrayDestroy
LHashValOfNameSys
LoadTypeLi
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

winmm

waveOutPrepareHeader
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutUnprepareHeader

ws2_32

recvfrom
inet_ntoa
WSACleanup
closesocket
WSAAsyncSelect
accept
getpeername
recv
ioctlsocket

shell32

ShellExecuteA
Shell_NotifyIconA

comdlg32

GetSaveFileNameA
ChooseColorA
GetOpenFileNameA
GetFileTitleA

Sections

.text
Size: 1.5MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

351170bd06fb7b0f09af8b953e09d225

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

winspool.drv

comctl32

shlwapi

ole32

oleaut32

winmm

ws2_32

shell32

comdlg32

Sections

.text Size: 1.5MB - Virtual size: 1.4MB

.rdata Size: 332KB - Virtual size: 330KB

.data Size: 1.7MB - Virtual size: 1.9MB

.rsrc Size: 88KB - Virtual size: 86KB

.text
Size: 1.5MB - Virtual size: 1.4MB

.rdata
Size: 332KB - Virtual size: 330KB

.data
Size: 1.7MB - Virtual size: 1.9MB

.rsrc
Size: 88KB - Virtual size: 86KB