blackmoon | e42a8fab14515c57bfbc85669e206754[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e42a8fab14515c57bfbc85669e206754.bin
Size

119KB
MD5

91daa2f99cc804666d13ec499105b620
SHA1

06caa6f754308a1f0a00147769c68e3470be7729
SHA256

8bbf4f5bd600dd7729cb2c9d5b86805fc261716726bf13778085092436cc876e
SHA512

7bdfb6b4b1e6fb57dd9f92b997f8c45979968b2724ddabf18d9577e994cf22e54293cf4dc46513dfca1186b7be8f1acb711d16b1d00a1ef50d71ba2d7b21edf0
SSDEEP

3072:lJ/alth3zEVojvLeSbhzV+qk7g9WhlqfRVTYmDpap:l6DEOXeSdAg9ws0Ipap

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/9201a001981d512bc68b9d677942007331c0a2b570f6637cb158de12624a1cd7.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/9201a001981d512bc68b9d677942007331c0a2b570f6637cb158de12624a1cd7.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9201a001981d512bc68b9d677942007331c0a2b570f6637cb158de12624a1cd7.exe

Files

e42a8fab14515c57bfbc85669e206754.bin
.zip

Password: infected
9201a001981d512bc68b9d677942007331c0a2b570f6637cb158de12624a1cd7.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE