blackmoon | a8dd3ca6e61ceb18c6e30551c910dd98[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8dd3ca6e61ceb18c6e30551c910dd98.bin
Size

100KB
MD5

9b5a40c67912b06ea42d0ff9d26a8861
SHA1

92ff237b90bfbfaa273a76591176192493a82514
SHA256

8925db5efb8c5c7ed29d8f3c34c42e2e5a7f0f3ee833a2e7aa49c0061c9165c9
SHA512

c8a54f9f58f33b2f0af094c046926bfdb45a6c39e2c92fd3e74a922664ff5583094b745dabdbcc0aea3e1f54f3481455b9d0aed0ba235aff66f7bd690444e4eb
SSDEEP

3072:9a6TDskTM1bgn6XlVm+agcpmK3/mTJ79whDW:9JTDsgoe6uBpnP8YDW

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/c07a262e77a37b52cc15448da60480d9b9b69373d7a678df762300c9ece55c01.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c07a262e77a37b52cc15448da60480d9b9b69373d7a678df762300c9ece55c01.exe

Files

a8dd3ca6e61ceb18c6e30551c910dd98.bin
.zip

Password: infected
c07a262e77a37b52cc15448da60480d9b9b69373d7a678df762300c9ece55c01.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE