blackmoon | 1b1dc1e10ce9d55f7a3da48924be9bb7fa0c702e35412fd2b8c2a1c0974b90ee

Sharing

Copy URL Twitter E-mail

General

Target

1b1dc1e10ce9d55f7a3da48924be9bb7fa0c702e35412fd2b8c2a1c0974b90ee
Size

1.6MB
MD5

5adb232264f8ebfb90ce6340cdcd2685
SHA1

5eed3fde083cfa7514bd53731e0a02a1812e9633
SHA256

1b1dc1e10ce9d55f7a3da48924be9bb7fa0c702e35412fd2b8c2a1c0974b90ee
SHA512

e7fe464db7775abebda76e180b390a2e468a96bae52441f88a37b49e4d1f9ce0bb4fa812c41efbd1dcd97b69f0a3b2c0942c99d3f086c7bc69acacc23b844dc2
SSDEEP

24576:ejYXsuzfhwHOWKnU4hfM15Qtz0SatUAD9E+YvZIkAZ26xpkzg23gwrrWq:eOfg2U4hw5QtpaGADCjSkAl2HWq

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b1dc1e10ce9d55f7a3da48924be9bb7fa0c702e35412fd2b8c2a1c0974b90ee

Files

1b1dc1e10ce9d55f7a3da48924be9bb7fa0c702e35412fd2b8c2a1c0974b90ee
.exe windows:4 windows x86 arch:x86

18f423bd51e4c5bc50ac9958c7501416

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
GetVersionExA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetCommandLineA
DeleteFileA
SetEndOfFile
SetFilePointer
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetLocalTime
FindClose
FindFirstFileA
FindNextFileA
GetTickCount
CreateFileA
GetFileSize
ReadFile
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
SetWaitableTimer
CreateWaitableTimerA
GetCurrentProcessId
WideCharToMultiByte
lstrlenW
QueryDosDeviceW
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateThread
CreateThread
TerminateProcess
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetLastError
Sleep
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetTimeZoneInformation
GetVersion
DeleteCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
MulDiv
FlushFileBuffers
lstrcpynA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GetEnvironmentVariableA
WaitForSingleObject
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessA
RtlMoveMemory
LocalSize
IsBadCodePtr
MultiByteToWideChar
lstrlenA
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetModuleHandleA
CloseHandle
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess

user32

RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
DefWindowProcA
GetDlgCtrlID
EndDialog
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetMessageTime
GetMessagePos
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
IsDialogMessageA
MsgWaitForMultipleObjects
SetWindowPos
SetForegroundWindow
FindWindowExA
PostMessageW
SendMessageA
LoadCursorA
SetCursor
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendDlgItemMessageA
EnableWindow
GetParent
IsWindowEnabled
GetForegroundWindow
IsWindow
GetMenuItemCount
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
GetActiveWindow
SetActiveWindow
GetSystemMetrics
GetWindowRect
GetClassNameA
GetWindowThreadProcessId
GetMenuState
FindWindowA
ReleaseDC
GetDC
SystemParametersInfoA
UpdateWindow
ShowWindow
GetDlgItem
SetWindowLongA
GetCursorPos
GetWindowTextA
GetWindowLongA
IsWindowVisible
PtInRect
GetWindow
SetWindowsHookExA
GetLastActivePopup
PostMessageA
PostQuitMessage
SetWindowTextA

advapi32

CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptAcquireContextA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize

shlwapi

PathIsDirectoryW

gdi32

SelectObject
DeleteDC
DeleteObject
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetMapMode
SetTextColor
SetBkColor
RestoreDC
GetObjectA
GetStockObject
SaveDC

wininet

InternetSetOptionA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetCookieA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpAddRequestHeadersA

psapi

GetProcessImageFileNameW

oledlg

ord8

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear

ws2_32

closesocket
send
select
WSAStartup
WSACleanup
recv

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

rasapi32

RasGetConnectStatusA
RasHangUpA

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

18f423bd51e4c5bc50ac9958c7501416

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

gdi32

wininet

psapi

oledlg

oleaut32

ws2_32

winspool.drv

comctl32

rasapi32

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 1.2MB - Virtual size: 1.4MB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 1.2MB - Virtual size: 1.4MB

.rsrc
Size: 20KB - Virtual size: 17KB