Behavioral task
behavioral1
Sample
81ed693e67591f3f5ad962c027c90d5f844e1c25c1896632f1e95225370e2424.exe
Resource
win7-20240221-en
General
-
Target
3f8fe7becee144517b8616d3e9299f66.bin
-
Size
100KB
-
MD5
684921c734c667ed8b253b97ba80c02f
-
SHA1
5a87fb03e5f2ddfcd863be8257d98e115c4fd00b
-
SHA256
8ea207b9aa69f0bfea4f0a239ebae95d531c96f03f6e3cea50077e9620b20ef7
-
SHA512
a2ad3f15393bc5353133d474065cd1e662386128cded4fe408387ec4b8d55df4ca277568f6fe49ca48f6bbe6df8e756959613442a53eacbd52cbd3878e3d8d40
-
SSDEEP
3072:qYXQm0X6AnEHHEb2/mgiWnRX4JdBh4kX82Jderd:qmQmOFEuqmgFnRX4NmoBerd
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule static1/unpack001/81ed693e67591f3f5ad962c027c90d5f844e1c25c1896632f1e95225370e2424.exe family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/81ed693e67591f3f5ad962c027c90d5f844e1c25c1896632f1e95225370e2424.exe
Files
-
3f8fe7becee144517b8616d3e9299f66.bin.zip
Password: infected
-
81ed693e67591f3f5ad962c027c90d5f844e1c25c1896632f1e95225370e2424.exe.exe windows:4 windows x86 arch:x86
Password: infected
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 300KB - Virtual size: 299KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE