Behavioral task
behavioral1
Sample
6adedce33d9fef43c28df812acc3a1cc742bd5b07e85cb8096506510a94439bd.exe
Resource
win7-20240215-en
General
-
Target
6adedce33d9fef43c28df812acc3a1cc742bd5b07e85cb8096506510a94439bd.exe
-
Size
339KB
-
MD5
ed59faa4c873876024938e54771dfe8f
-
SHA1
5d0bdfd5610981e999808277c361f0452b7248b9
-
SHA256
6adedce33d9fef43c28df812acc3a1cc742bd5b07e85cb8096506510a94439bd
-
SHA512
5b4a6dfd15a03c21b8f17428677d4c91a3e5c5e07222ca8e7c282ae5c25d7e82d56da86a1201bb202efd06170ff73a3225afc34d6cb68d21d76e3c3371531929
-
SSDEEP
6144:IXdaAfyvRwWoe2XlFSFb3bzpYpYFRQnyHWPBsxz:IXdaAqvRwWoe2XjSVvUYuyHWPBsxz
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6adedce33d9fef43c28df812acc3a1cc742bd5b07e85cb8096506510a94439bd.exe
Files
-
6adedce33d9fef43c28df812acc3a1cc742bd5b07e85cb8096506510a94439bd.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 300KB - Virtual size: 299KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE