Behavioral task: behavioral1
  Sample: a9b0ce2acb415072923b32749e3a7da3c27aebce7ef28fe37123a5da65567aad.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: a9b0ce2acb415072923b32749e3a7da3c27aebce7ef28fe37123a5da65567aad.exe
  Resource: win10v2004-20231215-en
General
  Target: a9b0ce2acb415072923b32749e3a7da3c27aebce7ef28fe37123a5da65567aad
  Size: 151KB
  MD5: 6680e1fb3b5fa4025515fafc0a54eef0
  SHA1: 0ef56923bc187bd1f710c7dae280085df81420fb
  SHA256: a9b0ce2acb415072923b32749e3a7da3c27aebce7ef28fe37123a5da65567aad
  SHA512: 2cca3c9fe1d4380726419e595b229f42598513aadcc8b9b957fc8e14398005992d00e670b7039119ad3b8c2648a8923f0cf2d0c92d0eff449a6b1a075ea637c9
  SSDEEP: 3072:RQl1IlmiN0izCcvLozLmLkY5AAtxbDpzhqSz:RqqvEdYJtrzoSz
Malware Config
Signatures
  Blackmoon family
  Detect Blackmoon payload (1 IoCs)
    resource: sample; yara_rule: family_blackmoon
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource: a9b0ce2acb415072923b32749e3a7da3c27aebce7ef28fe37123a5da65567aad
Files
  a9b0ce2acb415072923b32749e3a7da3c27aebce7ef28fe37123a5da65567aad.exe  windows:4  windows x86  arch:x86
  597ba814fdd535f18947e0d5092f7f06
  Headers
    File Characteristics:
      IMAGE_FILE_RELOCS_STRIPPED
      IMAGE_FILE_EXECUTABLE_IMAGE
      IMAGE_FILE_LINE_NUMS_STRIPPED
      IMAGE_FILE_LOCAL_SYMS_STRIPPED
      IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32
    MultiByteToWideChar
    lstrcpyn
    GetModuleFileNameW
    GetEnvironmentVariableW
    SetPriorityClass
    GetCurrentProcess
    GetCurrentThread
    SetThreadPriority
    ExitProcess
    IsDebuggerPresent
    LocalAlloc
    LocalFree
    IsBadReadPtr
    OpenProcess
    GetProcessHeap
    GetModuleHandleA
    HeapAlloc
    HeapReAlloc
    HeapFree
    GetModuleFileNameA
    FindClose
    FindNextFileA
    DeleteFileA
    RemoveDirectoryA
    FindFirstFileA
    WideCharToMultiByte
    MoveFileA
    Sleep
    WaitForSingleObject
    CreateProcessA
    GetStartupInfoA
    WriteFile
    CreateFileA
    SetFileAttributesA
    GetCommandLineA
    FreeLibrary
    GetProcAddress
    LoadLibraryA
    LCMapStringA
    lstrlenW
    GetTickCount
    Process32Next
    GetWindowsDirectoryA
    GetSystemDirectoryA
    GetTempPathA
    CreateDirectoryA
    GetCurrentThreadId
    CloseHandle
    Process32First
    CreateToolhelp32Snapshot
    IsBadCodePtr
    CreateEventA
    GetUserDefaultLCID
    OpenEventA
  user32
    DispatchMessageA
    GetParent
    GetClassNameA
    GetWindowTextLengthW
    GetWindowTextW
    SetWindowPos
    IsIconic
    OpenIcon
    AttachThreadInput
    SetActiveWindow
    MessageBoxA
    wsprintfA
    IsWindowVisible
    FindWindowExA
    GetWindowThreadProcessId
    TranslateMessage
    GetMessageA
    PeekMessageA
  advapi32
    CryptCreateHash
    CryptReleaseContext
    CryptHashData
    CryptDestroyHash
    CryptGetHashParam
    CryptAcquireContextA
  shell32
    SHChangeNotify
    ShellExecuteExW
    ShellExecuteW
    SHGetSpecialFolderPathA
  ole32
    OleRun
    CoSetProxyBlanket
    CoCreateInstance
    CoUninitialize
    CoInitialize
    CLSIDFromProgID
    CLSIDFromString
  wininet
    InternetCloseHandle
    InternetConnectA
    HttpOpenRequestA
    HttpSendRequestA
    HttpQueryInfoA
    InternetOpenA
  winhttp
    WinHttpCheckPlatform
    WinHttpOpen
    WinHttpSetTimeouts
    WinHttpConnect
    WinHttpOpenRequest
    WinHttpSetCredentials
    WinHttpCloseHandle
    WinHttpSetOption
    WinHttpAddRequestHeaders
    WinHttpSendRequest
    WinHttpReceiveResponse
    WinHttpQueryDataAvailable
    WinHttpReadData
    WinHttpQueryHeaders
    WinHttpCrackUrl
  oleaut32
    VariantInit
    VarR8FromBool
    VariantChangeType
    LoadTypeLi
    LHashValOfNameSys
    RegisterTypeLi
    VariantCopy
    SafeArrayCreate
    SysAllocString
    VariantClear
    SafeArrayDestroy
    SafeArrayAllocDescriptor
    SafeArrayAllocData
    SafeArrayGetDim
    SafeArrayGetLBound
    SafeArrayGetUBound
    SafeArrayAccessData
    SafeArrayUnaccessData
    SafeArrayGetElemsize
    SysFreeString
    VarR8FromCy
  msvcrt
    memmove
    strncmp
    __CxxFrameHandler
    modf
    realloc
    strrchr
    srand
    _CIfmod
    malloc
    free
    strchr
    ??3@YAXPAX@Z
    ??2@YAPAXI@Z
    _ftol
    atoi
    sprintf
    _stricmp
Sections
  .text   Size: 132KB - Virtual size: 131KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata  Size: 4KB - Virtual size: 3KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data   Size: 13KB - Virtual size: 86KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 1024B - Virtual size: 732B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ