blackmoon | a8adb5102a6282d395dde5b6176b52a72d1173a7a8e65c84b7af904f6abb3813

Sharing

Copy URL Twitter E-mail

General

Target

a8adb5102a6282d395dde5b6176b52a72d1173a7a8e65c84b7af904f6abb3813
Size

1.6MB
MD5

45a3f996eb91ed521c6e5dba15916e85
SHA1

4521f2ece292f944a9052c315a13ad84efbaea64
SHA256

a8adb5102a6282d395dde5b6176b52a72d1173a7a8e65c84b7af904f6abb3813
SHA512

4012ba5ffdc72af41d2d62aace03d312ecf3c9e86c26068134e1da821a9a45bd94e3b7c1d122ab058c5a11f1ca8cad8768b9a8128fbdb7733ffe00b2d484f6f0
SSDEEP

24576:6YX+q3xPYLUx/poVyYruzToBCgTvB6Sy+Jn2tHkYu2i2uvC6yQamssopF7cVpV:6KxWTYSy+JAkd2uvC6yQazsoLcVH

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

a8adb5102a6282d395dde5b6176b52a72d1173a7a8e65c84b7af904f6abb3813
.dll windows:4 windows x86 arch:x86

ad949ba88eca426447fd9047681deb00

Code Sign

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2
Certificate

Issuer

CN=Certera Code Signing CA,O=Certera,C=US

Not Before

08/05/2023, 00:00

Not After

07/05/2024, 23:59

Subject

CN=黄胤彰,O=黄胤彰,ST=广西壮族自治区,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

07/09/2022, 00:00

Not After

06/09/2032, 23:59

Subject

CN=Certera Code Signing CA,O=Certera,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:51:2f:c7:c7:aa:c3:0b
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2002, 00:00

Not After

20/09/2052, 23:59

Subject

CN=DigiCert Timestamp 2023 - 1,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

39:85:0d:35:b4:f3:d8:9b
Certificate

Issuer

CN=DigiCert Assured ID Root CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/05/2000, 00:00

Not After

07/05/2060, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:0a:9f:10:31:10:f1:0a:1c:dc:55:6b:de:de:e3:33:96:93:74:d0
Signer

Actual PE Digest

93:0a:9f:10:31:10:f1:0a:1c:dc:55:6b:de:de:e3:33:96:93:74:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA

ws2_32

inet_ntoa

user32

SetWindowPos

iphlpapi

SendARP

shlwapi

PathFileExistsA

gdi32

TextOutA

advapi32

RegSetValueExA

ole32

CoCreateInstance

psapi

GetProcessImageFileNameW

oleaut32

VariantCopy

winspool.drv

DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

wininet

InternetCanonicalizeUrlA

rasapi32

RasHangUpA

msvcrt

__dllonexit

Exports

Exports

DllCanUnloadNow_m
DllGetClassObject_m
DllRegisterServer_m
DllUnregisterServer_m
OleCreateFontIndirect_m
OleCreatePictureIndirect_m
OleCreatePropertyFrameIndirect_m
OleCreatePropertyFrame_m
OleIconToCursor_m
OleLoadPicture_m
OleTranslateColor_m

Sections

.text
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 988KB - Virtual size: 988KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad949ba88eca426447fd9047681deb00

Code Sign

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2Certificate

Extended Key Usages

Key Usages

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0eCertificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

78:51:2f:c7:c7:aa:c3:0bCertificate

Extended Key Usages

Key Usages

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38Certificate

Key Usages

39:85:0d:35:b4:f3:d8:9bCertificate

Extended Key Usages

Key Usages

93:0a:9f:10:31:10:f1:0a:1c:dc:55:6b:de:de:e3:33:96:93:74:d0Signer

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

iphlpapi

shlwapi

gdi32

advapi32

ole32

psapi

oleaut32

winspool.drv

shell32

comctl32

wininet

rasapi32

msvcrt

Exports

Exports

Sections

.text Size: 672KB - Virtual size: 672KB

.sedata Size: 988KB - Virtual size: 988KB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2
Certificate

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

78:51:2f:c7:c7:aa:c3:0b
Certificate

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

39:85:0d:35:b4:f3:d8:9b
Certificate

93:0a:9f:10:31:10:f1:0a:1c:dc:55:6b:de:de:e3:33:96:93:74:d0
Signer

.text
Size: 672KB - Virtual size: 672KB

.sedata
Size: 988KB - Virtual size: 988KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB