blackmoon | 755797f1958b28d719dc55fde0e541e2db60c8f0f64c864c8209eefb0567fa6c

Sharing

Copy URL Twitter E-mail

General

Target

755797f1958b28d719dc55fde0e541e2db60c8f0f64c864c8209eefb0567fa6c
Size

1.6MB
MD5

648b756d9c65c400418fc40b6d58f0d7
SHA1

15beda1c92845cb1eb1ace173093c2f4cfb9cf52
SHA256

755797f1958b28d719dc55fde0e541e2db60c8f0f64c864c8209eefb0567fa6c
SHA512

cb5fee97f91f412da35610401730a94a90470ad7a57914bc740772b61f5b8a18482ea8df1f54b17fd9b4ec81e51bbde6d95cc5660611e0baa25bfa872dc4888a
SSDEEP

24576:OULeulHmQG/C9r7GQr6qzoBCgTvBCklrOwfW/qnZLTwCP/lM1Zdf1eji8m9sAz4x:O5MXSTvNfW/qt0ksTQOsAz2cbijHHNDF

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

755797f1958b28d719dc55fde0e541e2db60c8f0f64c864c8209eefb0567fa6c
.dll windows:4 windows x86 arch:x86

ad949ba88eca426447fd9047681deb00

Code Sign

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2
Certificate

Issuer

CN=Certera Code Signing CA,O=Certera,C=US

Not Before

08/05/2023, 00:00

Not After

07/05/2024, 23:59

Subject

CN=黄胤彰,O=黄胤彰,ST=广西壮族自治区,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

07/09/2022, 00:00

Not After

06/09/2032, 23:59

Subject

CN=Certera Code Signing CA,O=Certera,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:51:2f:c7:c7:aa:c3:0b
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2002, 00:00

Not After

20/09/2052, 23:59

Subject

CN=DigiCert Timestamp 2023 - 1,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

39:85:0d:35:b4:f3:d8:9b
Certificate

Issuer

CN=DigiCert Assured ID Root CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/05/2000, 00:00

Not After

07/05/2060, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:90:94:7d:8e:12:9a:bd:8c:2d:ff:36:87:5a:46:89:f4:c8:31:59
Signer

Actual PE Digest

c0:90:94:7d:8e:12:9a:bd:8c:2d:ff:36:87:5a:46:89:f4:c8:31:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA

ws2_32

inet_ntoa

user32

SetWindowPos

iphlpapi

SendARP

shlwapi

PathFileExistsA

gdi32

TextOutA

advapi32

RegSetValueExA

ole32

CoCreateInstance

psapi

GetProcessImageFileNameW

oleaut32

VariantCopy

winspool.drv

DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

wininet

InternetCanonicalizeUrlA

rasapi32

RasHangUpA

msvcrt

__dllonexit

Exports

Exports

DllCanUnloadNow_m
DllGetClassObject_m
DllRegisterServer_m
DllUnregisterServer_m
OleCreateFontIndirect_m
OleCreatePictureIndirect_m
OleCreatePropertyFrameIndirect_m
OleCreatePropertyFrame_m
OleIconToCursor_m
OleLoadPicture_m
OleTranslateColor_m

Sections

.text
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 976KB - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad949ba88eca426447fd9047681deb00

Code Sign

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2Certificate

Extended Key Usages

Key Usages

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0eCertificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

78:51:2f:c7:c7:aa:c3:0bCertificate

Extended Key Usages

Key Usages

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38Certificate

Key Usages

39:85:0d:35:b4:f3:d8:9bCertificate

Extended Key Usages

Key Usages

c0:90:94:7d:8e:12:9a:bd:8c:2d:ff:36:87:5a:46:89:f4:c8:31:59Signer

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

iphlpapi

shlwapi

gdi32

advapi32

ole32

psapi

oleaut32

winspool.drv

shell32

comctl32

wininet

rasapi32

msvcrt

Exports

Exports

Sections

.text Size: 672KB - Virtual size: 672KB

.sedata Size: 976KB - Virtual size: 976KB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

10:10:d6:35:de:1a:66:92:0d:aa:cc:3a:ef:c7:f1:a2
Certificate

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

78:51:2f:c7:c7:aa:c3:0b
Certificate

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

39:85:0d:35:b4:f3:d8:9b
Certificate

c0:90:94:7d:8e:12:9a:bd:8c:2d:ff:36:87:5a:46:89:f4:c8:31:59
Signer

.text
Size: 672KB - Virtual size: 672KB

.sedata
Size: 976KB - Virtual size: 976KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB