blackmoon | 6ff8f71b67bed708cdda11d68aab5a1c6d6f78edec2a52e5694e2c25d514b6cf

Sharing

Copy URL Twitter E-mail

General

Target

6ff8f71b67bed708cdda11d68aab5a1c6d6f78edec2a52e5694e2c25d514b6cf
Size

13.6MB
MD5

b00bd8906447b068f470fe07ed3e4dac
SHA1

b32e4610b186dedafb8240329fff26522865d2be
SHA256

6ff8f71b67bed708cdda11d68aab5a1c6d6f78edec2a52e5694e2c25d514b6cf
SHA512

16b94ec58bbd2544fabaf1e11fbac352f7e304440927f370686e8a894ad80d840ccfdfbf65c0f3cb16f4ca8a4bfc921b83f3a72c1aa46da0f877d9cabf835ffb
SSDEEP

393216:7+GIsHT1CxC+7/DhGDQwcoOsVhWNzcyHz:KGIsh2DpGfjjwjz

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ff8f71b67bed708cdda11d68aab5a1c6d6f78edec2a52e5694e2c25d514b6cf

Files

6ff8f71b67bed708cdda11d68aab5a1c6d6f78edec2a52e5694e2c25d514b6cf
.exe windows:4 windows x86 arch:x86

13fd28cc1d63bead0bfeacecb7567e79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendStringA

kernel32

CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
MultiByteToWideChar
LocalAlloc
CreateDirectoryW
LocalFree
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
SetFilePointer
Sleep
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetTimeZoneInformation
GetVersion
GetTickCount
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
WaitForSingleObject
FindFirstFileW
MulDiv
FlushFileBuffers
lstrcpynA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
FindClose
GetCurrentProcessId
GetLocalTime
lstrlenA
IsBadCodePtr
RtlMoveMemory
IsBadReadPtr
lstrlenW
RtlZeroMemory
GetCurrentProcess
OpenProcess
TerminateProcess
DeleteFileA
WideCharToMultiByte
CreateThread
GetDiskFreeSpaceExA
CreateWaitableTimerA
SetWaitableTimer
GetExitCodeThread
TerminateThread
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapDestroy
LCMapStringA
LoadLibraryA
GetCommandLineA
GetFileSize
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
SetFileAttributesA
CreateFileA
WriteFile
GetModuleFileNameA
HeapCreate
lstrcmpW
lstrcmpiW
VirtualAlloc
VirtualFree
GetModuleHandleA
HeapReAlloc
ExitProcess

user32

CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
IsIconic
GetWindowPlacement
SetFocus
SetWindowPos
IsDialogMessageA
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
EndDialog
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
SetWindowTextA
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
FindWindowA
GetWindowThreadProcessId
GetClassNameA
SendMessageA
GetWindowRect
GetSystemMetrics
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
DefWindowProcA
GetTopWindow
GetCursorPos
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PostMessageW
LoadCursorW
LoadCursorFromFileW
SetTimer
CallWindowProcA
MsgWaitForMultipleObjects
FindWindowExA
SetWindowLongA
ReleaseDC

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoRevokeClassObject

shlwapi

PathIsDirectoryW
StrToIntW
PathFileExistsA
StrToIntExW

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetObjectA
GetStockObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
ScaleViewportExtEx

oleaut32

SystemTimeToVariantTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
VariantInit
SafeArrayAllocDescriptor

oledlg

ord8

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

ws2_32

select
recv
send
WSACleanup
WSAStartup
closesocket

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCloseHandle

rasapi32

RasGetConnectStatusA
RasHangUpA

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9.0MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13fd28cc1d63bead0bfeacecb7567e79

Headers

File Characteristics

Imports

winmm

kernel32

user32

ole32

shlwapi

gdi32

oleaut32

oledlg

advapi32

shell32

ws2_32

winspool.drv

comctl32

wininet

rasapi32

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 9.0MB - Virtual size: 9.2MB

.rsrc Size: 356KB - Virtual size: 352KB

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 9.0MB - Virtual size: 9.2MB

.rsrc
Size: 356KB - Virtual size: 352KB