blackmoon | 6af37a22813e2c41279efb27df9d8e98848d15a86fac51f74e9ba10d9561afb9 | Triage

Sharing

General

Target

6af37a22813e2c41279efb27df9d8e98848d15a86fac51f74e9ba10d9561afb9
Size

597KB
MD5

a70d042617532c56bf4ef1378b185f49
SHA1

b4144811cf26b48eceb7025bf54bd9714c8c3981
SHA256

6af37a22813e2c41279efb27df9d8e98848d15a86fac51f74e9ba10d9561afb9
SHA512

758b10a08a51791b8152ad0958bb130038eb90d85e2457ac168a88aaa8eef834dc9e3f925b8d05cf509434d422e231296d2f8983b0fb613a017d6b6e19182538
SSDEEP

12288:23Thq93KeGY0/FykkbHh+KpQRIz6vxgvkgMfB+AD48Cm:WmzG0NThVz6vOhMfcAs8F

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6af37a22813e2c41279efb27df9d8e98848d15a86fac51f74e9ba10d9561afb9

Files

6af37a22813e2c41279efb27df9d8e98848d15a86fac51f74e9ba10d9561afb9
.exe windows:4 windows x86 arch:x86

8f610801b28c290b36d7a5feeeb78aef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
IsBadReadPtr
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
WriteFile
CreateFileA
DeleteFileA
WritePrivateProfileStringA
GetCommandLineA
GetModuleFileNameA
HeapReAlloc
GetProcAddress
LoadLibraryA
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
GetTickCount
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
CreateToolhelp32Snapshot
FreeLibrary
Sleep

user32

TranslateMessage
DispatchMessageA
MessageBoxA
GetMessageA
PeekMessageA
wsprintfA

msvcrt

modf
atoi
_ftol
strrchr
sprintf
strchr
_stricmp

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 584KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ