blackmoon | NEAS[.]cfa7849c09a477dc554e002ba31b7272383b07c470c5331c330e82f7ee0ca068_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cfa7849c09a477dc554e002ba31b7272383b07c470c5331c330e82f7ee0ca068_JC.exe
Size

4.7MB
MD5

8190d67281d9d373b590ada336e2c607
SHA1

dba82f6fa71df55af43baa5451d32be7f6c35570
SHA256

cfa7849c09a477dc554e002ba31b7272383b07c470c5331c330e82f7ee0ca068
SHA512

61812ed49d5f299024fb2d3635593814a1f3b3b384e4978cfb90b15e60512004e07c7b1a9742ee9fae15a64128a8ab50ece0cccde3a1c837dee5c7eb328ac960
SSDEEP

49152:QAwzewWF5ZQUhTuP4kD7n/+s8KuqGaX0ToIBAUZLY7oz53wJWqW2NDI6u:SzeRF5OUhk4M70JBAUZLq2ETNG

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cfa7849c09a477dc554e002ba31b7272383b07c470c5331c330e82f7ee0ca068_JC.exe

Files

NEAS.cfa7849c09a477dc554e002ba31b7272383b07c470c5331c330e82f7ee0ca068_JC.exe
.exe windows:4 windows x86

0c1eb3549d8b06597285414916974f6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeThread
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GlobalFree
WaitForSingleObject
LoadLibraryExA
VirtualFreeEx
GetNativeSystemInfo
VirtualQuery
CreateRemoteThread
OpenThread
VirtualQueryEx
CreateProcessA
PeekNamedPipe
lstrlenW
SetProcessAffinityMask
RtlZeroMemory
lstrcmpW
lstrcmpiW
ReadFile
GetFileSize
GetUserDefaultLCID
GetDiskFreeSpaceExA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
GetACP
LCMapStringA
DeleteFileA
WriteFile
GetTempFileNameA
CopyFileA
DuplicateHandle
VirtualProtect
GetEnvironmentVariableA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
IsBadReadPtr
HeapReAlloc
ExitProcess
DeviceIoControl
CreateFileA
LocalSize
CreateThread
GetProcAddress
GetModuleHandleA
IsDebuggerPresent
IsWow64Process
WideCharToMultiByte
SetWaitableTimer
OpenProcess
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetCommandLineA
lstrcpyn
HeapAlloc
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
InterlockedIncrement
GlobalFlags
MulDiv
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GetModuleFileNameA
GetTickCount
lstrlenA
TerminateThread
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
CloseHandle
VirtualAllocEx
lstrcpynW
GetWindowsDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
LoadLibraryA
HeapFree
GetProcessHeap
WriteProcessMemory
ReadProcessMemory
GetTempPathA
Process32Next
Process32First
Module32Next
Module32First
CreateToolhelp32Snapshot
MultiByteToWideChar
SetProcessWorkingSetSize
RtlMoveMemory
CreateWaitableTimerA
GetSystemDirectoryA
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
GetVersion
SetLastError
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
SetStdHandle
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
CopyFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
IsBadCodePtr
InterlockedExchange
GetTimeZoneInformation

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CLSIDFromProgID
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
OleFlushClipboard
CLSIDFromString
CoUninitialize

user32

RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
PtInRect
GetDlgCtrlID
ClientToScreen
SetFocus
GetDC
ReleaseDC
DrawTextA
GrayStringA
SendDlgItemMessageA
GetWindowPlacement
SystemParametersInfoA
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
GetMenuState
PostThreadMessageA
CreateDialogIndirectParamA
EndDialog
GetFocus
GetWindowRect
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
GetDlgItem
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
CheckMenuItem
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
RegisterClassExA
GetParent
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
CallWindowProcA
EndPaint
BeginPaint
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
GetClassInfoA
GetActiveWindow
DispatchMessageA
MsgWaitForMultipleObjects
PostMessageA
PostQuitMessage
GetWindow
GetKeyState
CallNextHookEx
GetCursorPos
SetWindowsHookExA
DestroyMenu
GetLastActivePopup
SendMessageA
IsZoomed
IsWindow
FindWindowA
EnumWindows
GetAncestor
GetWindowThreadProcessId
WindowFromPoint
GetMessageA
LoadStringA
GetClassNameA
TabbedTextOutA
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetNextDlgTabItem
GetDesktopWindow
GetClassNameA
InvalidateRect
GetDlgItem
GetWindowTextA
GetForegroundWindow
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
wsprintfA
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
UnregisterClassA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
GetParent
GetFocus
GetClientRect
EndDialog
SetRect
SetScrollPos
SetScrollRange
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange

atl

ord42
ord47
ord10
ord11

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
Shell_NotifyIconA
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA

gdi32

SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
Escape
CreateBitmap
CreateRoundRectRgn
TextOutA
StretchBlt
RectVisible
CreatePatternBrush
PtVisible
GetDeviceCaps
ScaleWindowExtEx
GetClipBox
SetViewportOrgEx
DeleteObject
GetStockObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
BitBlt
ExtCreateRegion
ExtTextOutA
CombineRgn
CreateSolidBrush
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateBitmap
CreatePatternBrush
SelectObject
CreatePen
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetWindowExtEx
CreateCompatibleDC
PatBlt
GetTextMetricsA
Escape
ExtTextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries

advapi32

LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptHashData
RegOpenKeyA
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
StartServiceA
ControlService
DeleteService
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17
ImageList_Destroy
ord17
_TrackMouseEvent

oledlg

ord8

oleaut32

SysAllocString
SafeArrayGetDim
SafeArrayGetElemsize
VariantCopy
SafeArrayAllocDescriptor
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
VarR8FromCy
SafeArrayDestroy
VariantInit
VariantChangeType
SafeArrayCreate
VarR8FromBool
SafeArrayAllocData
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SysAllocString
VariantInit
VariantCopyInd
VariantChangeType
VariantClear

shlwapi

StrToIntExA
StrToIntW
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
StrToIntExW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

GetModuleInformation

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame
AVIStreamInfoA

winmm

waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
waveOutClose
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
PlaySoundA
waveOutUnprepareHeader

ws2_32

inet_ntoa
accept
getpeername
recv
ioctlsocket
recvfrom
WSACleanup
WSAAsyncSelect
closesocket

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 988KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c1eb3549d8b06597285414916974f6a

Headers

File Characteristics

Imports

kernel32

ole32

user32

atl

shell32

gdi32

advapi32

winspool.drv

comctl32

oledlg

oleaut32

shlwapi

version

psapi

msvfw32

avifil32

winmm

ws2_32

comdlg32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 988KB - Virtual size: 985KB

.data Size: 1.8MB - Virtual size: 2.0MB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 988KB - Virtual size: 985KB

.data
Size: 1.8MB - Virtual size: 2.0MB

.rsrc
Size: 32KB - Virtual size: 28KB