blackmoon | aaae4313a88e24a04dfeeaf9fedeef318137c15b5c251f485815a87de5f13d62

Sharing

Copy URL Twitter E-mail

General

Target

aaae4313a88e24a04dfeeaf9fedeef318137c15b5c251f485815a87de5f13d62
Size

1.7MB
MD5

a0131e39d98ae6415b643cc73cc3c629
SHA1

dd4a078fafc5c11e7d277fc2072760f417648dc6
SHA256

aaae4313a88e24a04dfeeaf9fedeef318137c15b5c251f485815a87de5f13d62
SHA512

4ca8deed156a2fc93eae56b2437f9ebb96546b28bae0c0a824b783934bc95fdbfe33c5f620696a9cb257b9a737971b0ecc77f23134fb71b535d7fa9ee963a2a4
SSDEEP

24576:DUupgcmUxxDnJPa0Vd9ZIPoBCgTvB0jonpKJM0aF8/rdEgAR6xaS5hDYHNfuivJQ:DUoVZnT4onpIMOm4/DoN2ivqd

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

aaae4313a88e24a04dfeeaf9fedeef318137c15b5c251f485815a87de5f13d62
.dll windows:4 windows x86 arch:x86

ad949ba88eca426447fd9047681deb00

Code Sign

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2
Certificate

Issuer

CN=Certera Code Signing CA,O=Certera,C=US

Not Before

08/05/2023, 00:00

Not After

07/05/2024, 23:59

Subject

CN=黄胤彰,O=黄胤彰,ST=广西壮族自治区,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

07/09/2022, 00:00

Not After

06/09/2032, 23:59

Subject

CN=Certera Code Signing CA,O=Certera,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:51:2f:c7:c7:aa:c3:0b
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2002, 00:00

Not After

20/09/2052, 23:59

Subject

CN=DigiCert Timestamp 2023 - 1,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

39:85:0d:35:b4:f3:d8:9b
Certificate

Issuer

CN=DigiCert Assured ID Root CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/05/2000, 00:00

Not After

07/05/2060, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:a2:75:d9:09:81:92:07:0e:49:8d:04:f4:0e:80:e6:02:f9:3a:39
Signer

Actual PE Digest

51:a2:75:d9:09:81:92:07:0e:49:8d:04:f4:0e:80:e6:02:f9:3a:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA

ws2_32

inet_ntoa

user32

SetWindowPos

iphlpapi

SendARP

shlwapi

PathFileExistsA

gdi32

TextOutA

advapi32

RegSetValueExA

ole32

CoCreateInstance

psapi

GetProcessImageFileNameW

oleaut32

VariantCopy

winspool.drv

DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

wininet

InternetCanonicalizeUrlA

rasapi32

RasHangUpA

msvcrt

__dllonexit

Exports

Exports

DllCanUnloadNow_m
DllGetClassObject_m
DllRegisterServer_m
DllUnregisterServer_m
OleCreateFontIndirect_m
OleCreatePictureIndirect_m
OleCreatePropertyFrameIndirect_m
OleCreatePropertyFrame_m
OleIconToCursor_m
OleLoadPicture_m
OleTranslateColor_m

Sections

.text
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 992KB - Virtual size: 992KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad949ba88eca426447fd9047681deb00

Code Sign

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2Certificate

Extended Key Usages

Key Usages

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0eCertificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

78:51:2f:c7:c7:aa:c3:0bCertificate

Extended Key Usages

Key Usages

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38Certificate

Key Usages

39:85:0d:35:b4:f3:d8:9bCertificate

Extended Key Usages

Key Usages

51:a2:75:d9:09:81:92:07:0e:49:8d:04:f4:0e:80:e6:02:f9:3a:39Signer

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

iphlpapi

shlwapi

gdi32

advapi32

ole32

psapi

oleaut32

winspool.drv

shell32

comctl32

wininet

rasapi32

msvcrt

Exports

Exports

Sections

.text Size: 672KB - Virtual size: 672KB

.sedata Size: 992KB - Virtual size: 992KB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2
Certificate

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

78:51:2f:c7:c7:aa:c3:0b
Certificate

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

39:85:0d:35:b4:f3:d8:9b
Certificate

51:a2:75:d9:09:81:92:07:0e:49:8d:04:f4:0e:80:e6:02:f9:3a:39
Signer

.text
Size: 672KB - Virtual size: 672KB

.sedata
Size: 992KB - Virtual size: 992KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB