blackmoon | 152b55f01b073d99e5041ade8c954a82492f5f0113d63e5c0ef7715e86d41ad6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

152b55f01b073d99e5041ade8c954a82492f5f0113d63e5c0ef7715e86d41ad6
Size

826KB
MD5

2fc7e67604304c2a44820ba464cff98a
SHA1

45199179a9c71f79b7730e73eeef6e4329e3a89a
SHA256

152b55f01b073d99e5041ade8c954a82492f5f0113d63e5c0ef7715e86d41ad6
SHA512

36bf191f9b661bd73014b127acef9af8aa56ae0a162145ead7ae4596fa6b9c6c226a8884c2d0162b8edc81b9a9206dc2cb450954ec19fb18ee6b4444583f99e6
SSDEEP

12288:363wP8U1/M+r5Rdp2JX/xASW6r2mCEl8nF6z5Ky1VkPXHQdGxV/db0uwG0x8CJ5q:35idX/ximAFs5Ky1VkPXHPh0Lg3Zf

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
152b55f01b073d99e5041ade8c954a82492f5f0113d63e5c0ef7715e86d41ad6
unpack001/out.upx

Files

152b55f01b073d99e5041ade8c954a82492f5f0113d63e5c0ef7715e86d41ad6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 817KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 940KB - Virtual size: 938KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ