Behavioral task
behavioral1
Sample
NEAS.bd4a9a3d01ba698ddd4a6485f3ffe2e0.exe
Resource
win7-20230831-en
General
-
Target
NEAS.bd4a9a3d01ba698ddd4a6485f3ffe2e0.exe
-
Size
135KB
-
MD5
bd4a9a3d01ba698ddd4a6485f3ffe2e0
-
SHA1
cc5cc3fd335bb128c2de949ddb7cc5c70d3838bd
-
SHA256
7dc596e069d7322677f18e68bbb14cd87bc42a6e5b7480db86b1060c855f0a9b
-
SHA512
13b5e9cd98bf5e84d53e9a5185185dda9eae878508b62873663236c5c5264530d2a7e7412102a57a359e8055889efad8443a34e730d032fd4fac2b9aac5764cd
-
SSDEEP
1536:Md+zUtBIBU+2Da4lH4Iiue58o/ZDv4GMfcHZIlVKAn5ZAcXeOqbZ6NjkY:OqSe5OmiEoAcCbZ6D
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.bd4a9a3d01ba698ddd4a6485f3ffe2e0.exe
Files
-
NEAS.bd4a9a3d01ba698ddd4a6485f3ffe2e0.exe.exe windows:4 windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE