blackmoon | 2c4687a77fced1e31c627a15908a298d5defc2860c40888809e07a9359700e81 | Triage

Sharing

General

Target

2c4687a77fced1e31c627a15908a298d5defc2860c40888809e07a9359700e81
Size

495KB
MD5

03ccdefa081be7a0396d8b9aae3c9a16
SHA1

363cbd3590d629319a0f0afae59162b4af1e7040
SHA256

2c4687a77fced1e31c627a15908a298d5defc2860c40888809e07a9359700e81
SHA512

642bf3038b1edb8ddf9074ecca25b6d04024f673e06fb290456169ba19c5d9efc88afc87bdcfd744d4ec39af518720c39cb10ceda0915d5b4a87d320165d70ca
SSDEEP

12288:2fTp71Cnpola/asQJCMmj9bBoUi0HPi0YWnJBFQ5uRyv:2fD7sdvj9bBoJQ60lnC5uRyv

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c4687a77fced1e31c627a15908a298d5defc2860c40888809e07a9359700e81

Files

2c4687a77fced1e31c627a15908a298d5defc2860c40888809e07a9359700e81
.exe windows:4 windows x86 arch:x86

a8e47b367b01c36229869558ba747205

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynW
HeapFree
GetModuleFileNameA
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetProcAddress
RtlMoveMemory
GetStdHandle
Sleep
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
HeapAlloc
WriteFile
GetProcessHeap

user32

DispatchMessageA
GetMessageA
MessageBoxA
GetWindowThreadProcessId
IsWindow
PeekMessageA
wsprintfA
TranslateMessage
FindWindowA

msvcrt

free
sprintf
rand
atoi
_ftol
strrchr
strchr
malloc
strstr
_stricmp

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 475KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ