blackmoon | 623567250e6373fb4d6a7d6cce9e2ce07c4e12c761ab6e52d194e548e28c4e53 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

623567250e6373fb4d6a7d6cce9e2ce07c4e12c761ab6e52d194e548e28c4e53
Size

948KB
MD5

edd91ace9faea448b57c9854909f8042
SHA1

3c26e863271bc9bb070dcaaa0866b25c66e58d98
SHA256

623567250e6373fb4d6a7d6cce9e2ce07c4e12c761ab6e52d194e548e28c4e53
SHA512

ca59a94761e385136e2b91f937f3b7ad12726f263d769f82859c0db5d5a26a7b31151321aa8646c9a0818b39d63d773db8741c50ab668826ffd101a446fc0457
SSDEEP

6144:av5F5Ze47m0g5DfQ6g+aE6o3MnHE6o3MnHE6o3MnHE6o3MnHE6o3MnfJ:av5FTL7mdQ6MEqEqEqEqE

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
623567250e6373fb4d6a7d6cce9e2ce07c4e12c761ab6e52d194e548e28c4e53

Files

623567250e6373fb4d6a7d6cce9e2ce07c4e12c761ab6e52d194e548e28c4e53
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

bukeni
jzrundll
jzrundll2

Sections

.text
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pb
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pbrlc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE