blackmoon | 67c3e08d6319dcddb84cf1dd02862082 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67c3e08d6319dcddb84cf1dd02862082
Size

247KB
MD5

67c3e08d6319dcddb84cf1dd02862082
SHA1

116efb49ad73ef023c506bf53658766cceb5e58d
SHA256

ff856a594f9ef2ac77f946b7ebbc2cebca3f3f09dba7c388f5189d07dd9f7d42
SHA512

f32f3be939a5dfe92eff7d47b6cdcb3786c0d0234c239814d9672573afeb46b8774e49d365a7c51145532c78d5d907ba98c28bfd32ea5408a59d3dae6a6fff63
SSDEEP

3072:AA/72K46TjGcEfSkKV7ldlg2999BoWrSWYVRa2ezBrwGcOFk0zvt9c4KtiyQGdTi:l/7/jifpERn9ilY3GGFvD3GlXAEy

Score

10^/10

upx blackmoon gh0strat

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_gh0strat

Gh0strat family
gh0strat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
67c3e08d6319dcddb84cf1dd02862082
unpack001/out.upx

Files

67c3e08d6319dcddb84cf1dd02862082
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 608KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 244KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 516KB - Virtual size: 647KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ