blackmoon | 07ea5a18ccdc25a8bb53ae695220e5034838b39b5eb17e4873e1f33e4e12f078 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07ea5a18ccdc25a8bb53ae695220e5034838b39b5eb17e4873e1f33e4e12f078
Size

9.1MB
MD5

7f9c039cd73023afb320c3b1926f34db
SHA1

8583acca7b32b8f8d21af6a0fd9d1fb06b3cdbb9
SHA256

07ea5a18ccdc25a8bb53ae695220e5034838b39b5eb17e4873e1f33e4e12f078
SHA512

326035208172a0258f349f0448bd7e1a8324e5b71c734a289ad33e47c232295bfa417613b6c67f70bc79894dd7dc98adb3068858e79cf5366d05d31e4bd7ff6c
SSDEEP

196608:RbsJfII0XDcawVSt38PY5Y3/EUtW05ERlhJN5njfgck9SOALBJscocsEf+qgIbyH:RbwIIyDcaMOMaer0n7x5nsnsOyJxoctK

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
07ea5a18ccdc25a8bb53ae695220e5034838b39b5eb17e4873e1f33e4e12f078
unpack001/out.upx

Files

07ea5a18ccdc25a8bb53ae695220e5034838b39b5eb17e4873e1f33e4e12f078
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ