blackmoon | a565cc7cb8b61e7c6d364d42e1c091f0_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a565cc7cb8b61e7c6d364d42e1c091f0_NeikiAnalytics
Size

1.6MB
MD5

a565cc7cb8b61e7c6d364d42e1c091f0
SHA1

f641e7808c734237606142832c3d224f8f247c43
SHA256

055474f3e69446c8068014bb1e57cbaa471c7e4415bfd0f21b4ded2e118ed5db
SHA512

b8d9ba63d68a2b736e959bcad02bbe452bcabe4775490dcc398f7f20c9b8657f53147d5417bb5b19118583be53f22004c54d04cf5f0b38e6446e7afc8b908773
SSDEEP

24576:7wRyG1Z3jc1VCrNHtBCACH5jcAkSYqyEh/75jcAkSYqyE:7wIGnzcErNNQJlpYqB/5pYq

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a565cc7cb8b61e7c6d364d42e1c091f0_NeikiAnalytics

Files

a565cc7cb8b61e7c6d364d42e1c091f0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.htext
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE