blackmoon | 958b7d91b2f26717432bdb2d9702dd3d[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

958b7d91b2f26717432bdb2d9702dd3d.bin
Size

109KB
MD5

e50073e11fb07a2f37acc1e628cdaaf2
SHA1

6b67b04128c81c9225891137702968e3892d1075
SHA256

9cb9b8972ec4d8a58e4719e2f30645f4c73cd08f157587a08bab89ae9951cfc4
SHA512

b2e6c16eabeb0642c853db701f35cdc0ead84cda9800fe2e7f7571d055e40fbef102cada2fbc11ac5e4c1c2106b93cd3e25d17740b37ca3fa28745f241f0fb64
SSDEEP

3072:qpiyY5MJfQfXeA5GOA753YIVJbYVC5KwFGH1V:q8yY58euig53Zz+C5KLT

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/c3f5c40d9425e1325f36f856effb26cb832e09e78df9f689fddbeef0a386569b.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c3f5c40d9425e1325f36f856effb26cb832e09e78df9f689fddbeef0a386569b.exe

Files

958b7d91b2f26717432bdb2d9702dd3d.bin
.zip

Password: infected
c3f5c40d9425e1325f36f856effb26cb832e09e78df9f689fddbeef0a386569b.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE