blackmoon | NEAS[.]007e660512db38115d044885db32ad20_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.007e660512db38115d044885db32ad20_JC.exe
Size

5.5MB
MD5

007e660512db38115d044885db32ad20
SHA1

c39645f6e5826f0b3c24ebf0743358d0855b1e9e
SHA256

d24e8c1b20138d9982b4b23205a5617616313b0944d83f0e2b011f00e040afb5
SHA512

2175e578ee50241d7405435f5f15f92f63b3b37da315e21ec71164dbb0500d64f120948bf325d666f6b15205f7f368bd8e8cb5cd799742ec3d9b6420e36ce43c
SSDEEP

98304:Nq8JS8eJcXxN9cJaQwtkmtjPqzG8rrQow0EUsybUPe:c8JS8eExzcJaQ/mJPkG8/Qow0EWbt

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.007e660512db38115d044885db32ad20_JC.exe

Files

NEAS.007e660512db38115d044885db32ad20_JC.exe
.exe windows:4 windows

3dd44810d615a22ea1ce0fa7ee25e69e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetCommandLineA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
GetLocalTime
GetUserDefaultLCID
WideCharToMultiByte
GetFileSize
InterlockedExchange
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
WriteFile
ReadFile
SetFilePointer
MoveFileA
RemoveDirectoryA
FindClose
FindFirstFileA
FindNextFileA
CreateFileA
GetFileAttributesA
GetTickCount
SetFileAttributesA
CopyFileA
IsBadReadPtr
HeapReAlloc
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalSize
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
GetModuleHandleA
GetDriveTypeA
GetLogicalDriveStringsA
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
DeleteFileA
GetPrivateProfileSectionA
GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
GetTimeFormatA
GetDateFormatA
CreateProcessW
LockResource
LoadResource
SizeofResource
FindResourceA
MulDiv
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
TerminateProcess
GetCurrentProcess
CloseHandle
CreateThread
MultiByteToWideChar
GetModuleFileNameA
RtlMoveMemory
LocalSize
SetErrorMode
GetLastError
GlobalFindAtomA
GlobalFlags
TlsGetValue
LocalReAlloc
InterlockedDecrement
lstrlenA
InterlockedIncrement
GetVersionExA
lstrcpynA
LocalFree
lstrcpyA
SetLastError
lstrcatA
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
FlushFileBuffers
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue

user32

PtInRect
GetWindow
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
GrayStringA
UnhookWindowsHookEx
CreateDialogIndirectParamA
SetActiveWindow
GetMenuDefaultItem
IsDialogMessageA
GetWindowPlacement
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
LoadCursorA
SetWindowLongA
PostMessageA
LoadIconA
SetLayeredWindowAttributes
GetSystemMetrics
SendMessageA
CopyImage
CopyIcon
GetDC
ReleaseDC
CallWindowProcA
GetDlgCtrlID
BeginPaint
EndPaint
GetAsyncKeyState
DefWindowProcA
GetClientRect
EndDialog
DestroyWindow
DefMDIChildProcA
SetCursor
TrackMouseEvent
DestroyIcon
PostQuitMessage
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
DispatchMessageA
TranslateMessage
GetPropA
GetMessageA
PeekMessageA
SystemParametersInfoA
MessageBoxA
SetPropA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
IsWindow
GetClassNameA
SetFocus
GetFocus
GetWindowRect
GetParent
ScreenToClient
InvalidateRect
ValidateRect
UpdateWindow
MoveWindow
SetWindowPos
SetParent
RemovePropA
SetWindowRgn
SetRect
GetClassLongA
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
LoadImageA
GetCursorPos
DrawTextA
KillTimer
SetTimer
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
IsWindowVisible

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID

oleaut32

VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
OleLoadPicture

gdi32

GetDeviceCaps
DeleteObject
GetStockObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
CreateCompatibleBitmap
FillRgn
SetTextColor
SetBkMode
FrameRgn
SetBkColor
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA

shell32

DragAcceptFiles
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetMalloc
SHGetPathFromIDList
SHBrowseForFolder
SHGetSpecialFolderPathA
ShellExecuteW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddIcon
ImageList_GetIconSize
ImageList_Add
ImageList_AddMasked
ImageList_Copy
ImageList_Duplicate
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_GetIcon
ImageList_SetIconSize
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_GetImageInfo
ImageList_Write
ImageList_Read
ImageList_Draw
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_EndDrag
InitCommonControlsEx
ord17

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.0MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3dd44810d615a22ea1ce0fa7ee25e69e

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 408KB - Virtual size: 406KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 5.0MB - Virtual size: 5.1MB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 408KB - Virtual size: 406KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 5.0MB - Virtual size: 5.1MB

.rsrc
Size: 16KB - Virtual size: 13KB