blackmoon | 27a688dad51ec6b1ee1b2d476bf4d49f7eff4150817d634e93fba5c6004159b5

Sharing

Copy URL Twitter E-mail

General

Target

27a688dad51ec6b1ee1b2d476bf4d49f7eff4150817d634e93fba5c6004159b5
Size

142KB
MD5

7dfc56b2cdba09bb9decff4c84db1d45
SHA1

ddbd101406fd6f1d14574763e56e5a91cc570e28
SHA256

27a688dad51ec6b1ee1b2d476bf4d49f7eff4150817d634e93fba5c6004159b5
SHA512

16c1544d94396e3cd5f4d3abed94d2a0e449e162887c7f6a0a850e1d1fc0d1528abc8a32f9aefea05f5856e09a8a733f8811f8cd3865b92dda4f5f9739485b5d
SSDEEP

3072:HBcASbr7LYehbH0R8+E/GRPWT3xpEk4p9G6VIgM/:A7LYiH0i/G87vL4p1in/

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

27a688dad51ec6b1ee1b2d476bf4d49f7eff4150817d634e93fba5c6004159b5
.exe windows:4 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:f7:d9:5c:5b:27:8c:db:26:58:80:5e:08:76:75:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/06/2018, 00:00

Not After

27/08/2019, 23:59

Subject

CN=Alibaba (China) Network Technology Co.\,Ltd.,OU=RDC,O=Alibaba (China) Network Technology Co.\,Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:a9:31:8d:11:5f:7c:a2:5c:65:ce:4d:48:dd:2c:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/06/2018, 00:00

Not After

28/08/2019, 23:59

Subject

CN=Alibaba (China) Network Technology Co.\,Ltd.,OU=RDC,O=Alibaba (China) Network Technology Co.\,Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dc:b4:28:fe:12:5f:2d:2e:70:9e:4d:6e:bb:2d:2e:5f:90:dc:76:c9:d4:af:6b:3d:c6:eb:69:66:34:fc:57:c9
Signer

Actual PE Digest

dc:b4:28:fe:12:5f:2d:2e:70:9e:4d:6e:bb:2d:2e:5f:90:dc:76:c9:d4:af:6b:3d:c6:eb:69:66:34:fc:57:c9

Digest Algorithm

sha256

PE Digest Matches

false

0a:55:73:98:7c:ed:f8:b9:26:d6:d7:2b:dc:05:6f:cb:56:53:53:00
Signer

Actual PE Digest

0a:55:73:98:7c:ed:f8:b9:26:d6:d7:2b:dc:05:6f:cb:56:53:53:00

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

26:f7:d9:5c:5b:27:8c:db:26:58:80:5e:08:76:75:ffCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5c:a9:31:8d:11:5f:7c:a2:5c:65:ce:4d:48:dd:2c:cfCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

dc:b4:28:fe:12:5f:2d:2e:70:9e:4d:6e:bb:2d:2e:5f:90:dc:76:c9:d4:af:6b:3d:c6:eb:69:66:34:fc:57:c9Signer

0a:55:73:98:7c:ed:f8:b9:26:d6:d7:2b:dc:05:6f:cb:56:53:53:00Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 460KB

UPX1 Size: 120KB - Virtual size: 124KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 80KB - Virtual size: 147KB

.rsrc Size: 312KB - Virtual size: 308KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

26:f7:d9:5c:5b:27:8c:db:26:58:80:5e:08:76:75:ff
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5c:a9:31:8d:11:5f:7c:a2:5c:65:ce:4d:48:dd:2c:cf
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

dc:b4:28:fe:12:5f:2d:2e:70:9e:4d:6e:bb:2d:2e:5f:90:dc:76:c9:d4:af:6b:3d:c6:eb:69:66:34:fc:57:c9
Signer

0a:55:73:98:7c:ed:f8:b9:26:d6:d7:2b:dc:05:6f:cb:56:53:53:00
Signer

UPX0
Size: - Virtual size: 460KB

UPX1
Size: 120KB - Virtual size: 124KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 80KB - Virtual size: 147KB

.rsrc
Size: 312KB - Virtual size: 308KB