blackmoon | a3b3b7522194ef773e8d1b133a79baef66066588c70216719a942f18d0808b22 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3b3b7522194ef773e8d1b133a79baef66066588c70216719a942f18d0808b22
Size

2.3MB
MD5

e041cc0e275b29f130dbcaa8ec4dfdab
SHA1

9da3fba56099310b5b2e0d6ebbadff40d5833088
SHA256

a3b3b7522194ef773e8d1b133a79baef66066588c70216719a942f18d0808b22
SHA512

2c32444d3d501f00ef9cbc35a19182405d7af5d527e4dd755bf1a68496c2a6efa45e2021ff749c3864a0cbfa311c3977d130d19474671b266b5095f428b56342
SSDEEP

24576:JVxF7kft1Cf5rqL/b/uQNJIHP6U//3NT+TkC5sGfgzCYMdxBVmV3Z0TUb77AHKNA:JVX7hf5qL/Swi9TUHf6Kx23Z1aKNm06X

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3b3b7522194ef773e8d1b133a79baef66066588c70216719a942f18d0808b22

Files

a3b3b7522194ef773e8d1b133a79baef66066588c70216719a942f18d0808b22
.exe windows:4 windows x86

422ea7756cb02111c5bead5001fe92ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
CloseHandle
WriteFile
CreateFileA
Sleep
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetTickCount
GetCommandLineA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetModuleHandleA
GetModuleFileNameA
GetProcessHeap

user32

TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMessageA
PeekMessageA

msvcrt

modf
_ftol
strrchr
_CIfmod
srand
sprintf
rand

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ