blackmoon | 62e7d2855d5fcfef51ebb089e4c927ba_JaffaCakes118 | Triage

Sharing

General

Target

62e7d2855d5fcfef51ebb089e4c927ba_JaffaCakes118
Size

1.2MB
MD5

62e7d2855d5fcfef51ebb089e4c927ba
SHA1

66b9c8af6cec8c97a2c27d5a85bb3dfaa4f3a238
SHA256

a2e8843e56a343eb851c92463c123b06c2edc8a7c4704ec51e4ba42405cdb9b4
SHA512

c6fc9221ef2f26ed20e5e97195260d7a445175f4b3c9fdb8a48c9e0c2b4d21cf0998a408261eeb976b9ef9a1867313fd5624509b5f105ca37a43546e3eeefa2f
SSDEEP

24576:nB9TKWd0f53bIaRzL3OdGls5n5buo2+TntGWEzkQghh:ratbBFCbA+TcVYh

Score

10^/10

blackmoon poullight

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/SALIKHACK/SALIKHACK.exe	family_blackmoon

Poullight Stealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/SALIKHACK/SALIKHACK.exe	family_poullight

Poullight family
poullight
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/SALIKHACK/SALIKHACK.exe

Files

62e7d2855d5fcfef51ebb089e4c927ba_JaffaCakes118
.rar
SALIKHACK/SALIKHACK.BAT
SALIKHACK/SALIKHACK.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ