blackmoon | 0d5e1f2086c0db01e00521eb992a070f[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d5e1f2086c0db01e00521eb992a070f.bin
Size

10.1MB
MD5

0d5e1f2086c0db01e00521eb992a070f
SHA1

74dc9f63dc29a8913d76a4cbe32a743ed8dddfa7
SHA256

a14c61aaa46bfa2a6712ada3d3d539bd05ddadcb6e4aa4fbb7cbaabdbaec17e9
SHA512

555ad10072248352433f67d8ed9e153eb5ecb8aa5a5f41f2b94b49a671c1d0e0491076f1c02dc141a3f5b9b4f266a534d7fde8937cd56326c3c2956cc89383df
SSDEEP

196608:J6Z6oHTYctDJb3Nzib5S66bqfws6Ki3r/6:4o+MC7NziNJ6OI53

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d5e1f2086c0db01e00521eb992a070f.bin

Files

0d5e1f2086c0db01e00521eb992a070f.bin
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.htext
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE