blackmoon | 49665d2d41515f66b3b8043d4218c94d[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

49665d2d41515f66b3b8043d4218c94d.bin
Size

122KB
MD5

31b232b980974716fdea8394d3579dd5
SHA1

9b7cb12dcb3917722e1454fe0df6c3a45da85c40
SHA256

0630298e145250020320634a554f7f5b0de01f17b62417a214d10afef1b130b9
SHA512

4ef07382bb100281dbc1f4256f8c8a10c4463fb5bbc93277d18adeb4cda93465fc242fdf814d21095d01a40ebd866de95d631393d90d8f8fdd2ac2c4fef0219c
SSDEEP

3072:IsLzjseTcsG31LqjJfHXKVK2gVHyNVR+nz3lCvDag6X8w:IsseAj31mjJfa42b/R+nR8DV6h

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/b818ebec50e611aa06e1aef9a4ebb799559cad64254a9b69cfc3d631def30bd3.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/b818ebec50e611aa06e1aef9a4ebb799559cad64254a9b69cfc3d631def30bd3.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b818ebec50e611aa06e1aef9a4ebb799559cad64254a9b69cfc3d631def30bd3.exe

Files

49665d2d41515f66b3b8043d4218c94d.bin
.zip

Password: infected
b818ebec50e611aa06e1aef9a4ebb799559cad64254a9b69cfc3d631def30bd3.exe
.exe windows:4 windows x86 arch:x86

Password: infected

391b34fdb03bbbe961a380d74dcff2da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegCloseKey

atl

AtlAxGetControl
AtlAdvise
AtlUnadvise
AtlAxWinInit
AtlAxWinInit

gdi32

CreateSolidBrush
SelectObject
DeleteObject
DeleteDC
SetTextColor
SetBkMode
GetStockObject
Rectangle
StretchBlt
GetPixel
GetObjectA
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
CreatePatternBrush
FillRgn
FrameRgn
SetBkColor

kernel32

LocalSize
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
GetCurrentProcessId
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
Module32First
GlobalAlloc
GlobalLock
RtlMoveMemory
MulDiv
lstrcpyn
GlobalSize
lstrcpyn
WideCharToMultiByte
GetTempPathA
GetWindowsDirectoryA
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
CloseHandle
GlobalFree
TerminateThread
GetModuleHandleA
GlobalUnlock
GetProcessHeap
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetTickCount
WritePrivateProfileStringA
GetUserDefaultLCID
WriteFile
GetPrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapAlloc
GetModuleHandleA
GetFileAttributesA
SetFileAttributesA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

msimg32

AlphaBlend
TransparentBlt
AlphaBlend

msvcrt

__CxxFrameHandler
malloc
free
memmove
modf
rand
srand
toupper
_CIfmod
strchr
floor
??2@YAPAXI@Z
strrchr
_ftol
atoi
??3@YAXPAX@Z
strncpy
tolower
sprintf
strncmp
strtod
_strnicmp
free

oleaut32

VarR8FromI2
LoadTypeLib
LHashValOfNameSys
RegisterTypeLib
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayDestroy
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
OleLoadPicture
VarR8FromCy
VarR8FromCy

shell32

Shell_NotifyIcon
DragFinish
DragQueryFile
ShellExecuteA
DragAcceptFiles
DragFinish

shlwapi

PathFileExistsA
PathFileExistsA

user32

RegisterClassExA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
DrawTextA
IsZoomed
IsIconic
GetSysColor
MsgWaitForMultipleObjects
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
GetSystemMetrics
UpdateLayeredWindow
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetWindowRect
GetFocus
LoadMenuA
DrawIcon
CreateWindowExA
DestroyIcon
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
GetAsyncKeyState
EndPaint
BeginPaint
GetClassNameA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessage
TranslateAccelerator
GetMessageA
CallWindowProcA
FillRect
GetClientRect
InvalidateRect
GetAncestor
GetParent
CopyIcon
CopyImage
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
DestroyMenu
DrawIconEx
GetIconInfo
CreateMenu
CreatePopupMenu
GetDlgItem
GetSystemMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
SetFocus
LoadCursorA
RegisterClassExA

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetOpenA

gdiplus

GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipCreateFontFromDC
GdipCreateFont
GdipDeleteFont
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipDrawString
GdipDrawImagePointRect
GdipFillRectangle
GdipGetImageDimension
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDrawLine
GdipCreatePen1
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawRectangleI
GdipDrawRectangle
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdipDisposeImage
GdiplusStartup
GdipDrawLine

combase

CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoUninitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString

ole32

OleRun
CoInitialize
OleRun

Sections

UPX0
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

391b34fdb03bbbe961a380d74dcff2da

Headers

File Characteristics

Imports

advapi32

atl

gdi32

kernel32

msimg32

msvcrt

oleaut32

shell32

shlwapi

user32

wininet

gdiplus

combase

ole32

Sections

UPX0 Size: 360KB - Virtual size: 360KB

UPX1 Size: 80KB - Virtual size: 80KB

UPX2 Size: 14KB - Virtual size: 14KB

UPX0
Size: 360KB - Virtual size: 360KB

UPX1
Size: 80KB - Virtual size: 80KB

UPX2
Size: 14KB - Virtual size: 14KB