blackmoon | 5c5677ef37ebe7122f8d4e75eb83f688[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c5677ef37ebe7122f8d4e75eb83f688.bin
Size

124KB
MD5

09a30ff2cfa9dc038ff2480c227d8efe
SHA1

88138780e626f52db80746546603497f67dd99a4
SHA256

9a24542dbf39b1242a26751a3c4684f190e6e5e41ea4a728dfb68ec3654febbc
SHA512

b9d26d75cb730643d246e9eaaa28e815c3e5e25bcc9be9925549d80b052531555c8f1b0fc4edbb7c1fbfd65ac1551460c4755ff11ef648250c3a02fbfe5018b6
SSDEEP

3072:9YDRTbJUc5nf2B+sRGq052KLTwE0Wloc7+S2rko:9CRTblhuFRaWCTy1ko

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/88a5df474b906d1450e537408a03e92742fad2fae1d59f40d458b924bad2d660.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/88a5df474b906d1450e537408a03e92742fad2fae1d59f40d458b924bad2d660.exe

Files

5c5677ef37ebe7122f8d4e75eb83f688.bin
.zip

Password: infected
88a5df474b906d1450e537408a03e92742fad2fae1d59f40d458b924bad2d660.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE