Behavioral task: behavioral1
Sample: NEAS.6a1993c53f0b978d34e0ef3c839a5210.exe
Resource: win7-20231025-en
General
Target: NEAS.6a1993c53f0b978d34e0ef3c839a5210.exe
Size: 407KB
MD5: 6a1993c53f0b978d34e0ef3c839a5210
SHA1: 9d26c0b4ac1499a359779dfe496a48ec4b233a4e
SHA256: 0b64f57d15f527a7783f30f36fb7bd6efe1dfe246dde443e1c327b36feb7631b
SHA512: bcaf64eb7253c238456c016ebfc1e1af801fc8562cf420f649c75176c3222c0605b6eac2805ea329106e3d412618e7859071003bd8aed5caa7052000c31248b8
SSDEEP: 6144:K5/YZ58drqrhGcbLhmvjSN6jZhixVK/B/zIydenCn:K5/Q58drihGiLhmGNiZsx0B/zIkenCn
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
resource: sample; yara_rule: family_blackmoon
resource: sample; yara_rule: upx
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: NEAS.6a1993c53f0b978d34e0ef3c839a5210.exe
Files
NEAS.6a1993c53f0b978d34e0ef3c839a5210.exe.exe windows:4 windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 328KB - Virtual size: 328KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 72KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE