blackmoon | 809c36b5ee0329e932c32879ed9140e716dc3ebba03421b33e4705a7f2c66f85 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

809c36b5ee0329e932c32879ed9140e716dc3ebba03421b33e4705a7f2c66f85
Size

2.5MB
MD5

20e6aa1d44b8d35ccdcd82a6a53f95af
SHA1

46aba1e94cb06c42016a76bb5ec66deebc9797b0
SHA256

809c36b5ee0329e932c32879ed9140e716dc3ebba03421b33e4705a7f2c66f85
SHA512

7580515efaf8a40735616a755f36f9172e0ab06e54f4735ab4a4ac47ca0f39a83e5df82d47f58bd9b940850e8bf959aa83e22e1c8d6709410be553d02bf44abf
SSDEEP

49152:3wQSMKE1rH8NuT0vJuQ8fejwX81EKifbwmrXyhaXg/Inh/wxK70FIBIS3+xY28Yw:3ZSlKrH8gT0vJ38GkXYEKifbwmrXyha/

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
809c36b5ee0329e932c32879ed9140e716dc3ebba03421b33e4705a7f2c66f85
unpack001/out.upx

Files

809c36b5ee0329e932c32879ed9140e716dc3ebba03421b33e4705a7f2c66f85
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 900KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ