blackmoon | 7eac1b3fbf67b7f024fe57cde16b1995 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7eac1b3fbf67b7f024fe57cde16b1995
Size

266KB
MD5

7eac1b3fbf67b7f024fe57cde16b1995
SHA1

8be3165abcbdbaa81a1d37a7121d9188586c2693
SHA256

68a07fcc41267c706cec8b10d8e3e10a7808cfd235ecd4c291b824b517522beb
SHA512

cfe0f60099c622a9a080902211262c96832e0ce090ada1ccf250935bfd6c880316b82eaae0ca2a9844987a39fa688854afa704562b8b0650c234a1401ffe6f92
SSDEEP

6144:tb5eJ3YJ/ZeRR5rhZFQGrsUwF7vlPoSS:tb5820R5nWFpPoS

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7eac1b3fbf67b7f024fe57cde16b1995

Files

7eac1b3fbf67b7f024fe57cde16b1995
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ