blackmoon | 9e60eb3016a5d782bf6bf742a469b39833da0c2976093f46fb8c822ea2a6e710 | Triage

Sharing

General

Target

9e60eb3016a5d782bf6bf742a469b39833da0c2976093f46fb8c822ea2a6e710
Size

3.8MB
MD5

9c35d0879debdd561cbc68790bd73701
SHA1

9d170067b14772232e276838c6978107d37531a7
SHA256

9e60eb3016a5d782bf6bf742a469b39833da0c2976093f46fb8c822ea2a6e710
SHA512

5b882f20d95a15413d0e051063fe522ea6864a7eba75a4cb198d46b59fde1796dfbddfd93c535f2a53e3921f89edb1b4db892bac8c0976e82f8eedad3f91a716
SSDEEP

49152:umOZsVWWGVMokrKxMFa/CPnWysAag3e5h2YGOHcNJhz+p1tFmqAWDg6/xnEqqfS5:rVWW+Mokr9Fcv3aOHc38pfFTn/xbq65

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9e60eb3016a5d782bf6bf742a469b39833da0c2976093f46fb8c822ea2a6e710

Files

9e60eb3016a5d782bf6bf742a469b39833da0c2976093f46fb8c822ea2a6e710
.exe windows:4 windows x86 arch:x86

abe9b5c2bb54becc3e00740420f3f99b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
OpenProcess
LocalAlloc
LocalFree
CloseHandle
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
WideCharToMultiByte
GetCommandLineW
FindClose
WriteFile
CreateFileA
SetFileAttributesA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
DeleteFileA
FindNextFileA
FindFirstFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
FindFirstFileW
GetModuleFileNameA
MultiByteToWideChar

user32

GetMessageA
wsprintfA
PeekMessageA
TranslateMessage
MessageBoxA
DispatchMessageA

ole32

CoCreateGuid

msvcrt

_stricmp
__CxxFrameHandler
modf
??3@YAXPAX@Z
free
malloc
floor
sprintf
strrchr
_ftol
strchr
atoi
memmove
realloc

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.4MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE