blackmoon | b5bbfb11ba78017f2a30db4eedef3472b33addd6f9e5839e8e6ec53662356115 | Triage

Sharing

General

Target

b5bbfb11ba78017f2a30db4eedef3472b33addd6f9e5839e8e6ec53662356115
Size

44KB
MD5

1a71e35c776399166db4420ad3468963
SHA1

3bb62b2dea6a51c8d5aee0523b7f144135a9e646
SHA256

b5bbfb11ba78017f2a30db4eedef3472b33addd6f9e5839e8e6ec53662356115
SHA512

1c37334a453e508c9185d4dd855085e22238b5885a20b8cf60d8ae2684a49584fde0d02af962213293760bef4bfb307d8b03f09cb499cf181534cbf938dbcd85
SSDEEP

768:c3mcjDEyy+9aZCyFQSIT+qzpjzmEM/CueJLSh:c3mcjBy+IZCyFQSIT+01mEuw

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5bbfb11ba78017f2a30db4eedef3472b33addd6f9e5839e8e6ec53662356115

Files

b5bbfb11ba78017f2a30db4eedef3472b33addd6f9e5839e8e6ec53662356115
.dll windows:4 windows x86

00f9550366762a9a80c15acafa3cd2b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
VirtualProtect
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
CreateThread
GetLocalTime
Sleep
GetCommandLineA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
LCMapStringA
RtlMoveMemory
FormatMessageA
GetModuleHandleA
GetLastError
IsBadReadPtr

user32

MessageBoxA
GetAsyncKeyState
DispatchMessageA
PeekMessageA
GetMessageA
keybd_event
wsprintfA
TranslateMessage
FindWindowA

advapi32

CryptAcquireContextA

shlwapi

PathFindExtensionA

msvcrt

strstr
sprintf
atoi
_ftol
strrchr
strchr
free
realloc
malloc

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

Exports

Exports

Hello
ȡָ��_

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ