blackmoon | 51f0830ab021615452fc859f8027aab7231eaf7281f5fb8958bed138027718bf

General

Target

51f0830ab021615452fc859f8027aab7231eaf7281f5fb8958bed138027718bf
Size

100KB
MD5

6c3ae28428dd99b2b103c5d0cfaf5076
SHA1

52f402a65c94ed2d95bf8cfe5715bd99b31b4737
SHA256

51f0830ab021615452fc859f8027aab7231eaf7281f5fb8958bed138027718bf
SHA512

6bb2d1f93757c1ae759d6d928c34de21e5f9175a48422469fd956129bb42fcd9696e495bd73860ffaf2aa306c571a21f942facb5775f9515004c54cc7902659d
SSDEEP

3072:+fbdfD6IjZrRR25y92fQRUC5kEkUl+ZFd:+TdLdrAy92fQTkpY+fd

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/7bedb97f8d7696215bdaad9a743979047c71a798d737c4176af4c04f2bd1a5c8.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7bedb97f8d7696215bdaad9a743979047c71a798d737c4176af4c04f2bd1a5c8.exe

51f0830ab021615452fc859f8027aab7231eaf7281f5fb8958bed138027718bf
.zip

Password: infected
7bedb97f8d7696215bdaad9a743979047c71a798d737c4176af4c04f2bd1a5c8.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE