blackmoon | 2e3394d834c5cc647bf1a8a6004a810bbab8a538d0dc4a5dceac7ab4317d886b

Sharing

Copy URL Twitter E-mail

General

Target

2e3394d834c5cc647bf1a8a6004a810bbab8a538d0dc4a5dceac7ab4317d886b
Size

560KB
MD5

7484a7c6cf4848e54ad33eed88224ebc
SHA1

5d58daa1bbd0e23e020711b4509a586f79be1697
SHA256

2e3394d834c5cc647bf1a8a6004a810bbab8a538d0dc4a5dceac7ab4317d886b
SHA512

ce068b4f801f939e7954180a708f333d440c46a3b5abe2fe2cdfde1ab3757d1d20f33d8b6fd9f5de59c45ce31766a730d6d1f7bb7b6033d10139fcccd95618d7
SSDEEP

6144:KRxnyvyOWRybpNSQeog17FIDekO+nZd2K4ceUh2q/+Km//v0oW:CnyvyOWRybpNEog17FIiwZdb4+H+Kmn

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e3394d834c5cc647bf1a8a6004a810bbab8a538d0dc4a5dceac7ab4317d886b

Files

2e3394d834c5cc647bf1a8a6004a810bbab8a538d0dc4a5dceac7ab4317d886b
.exe windows:4 windows x86 arch:x86

77b9a1b33e5c267f6a5bce9d03740948

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
FreeLibrary
GetCommandLineA
GetTempPathA
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileSize
RemoveDirectoryA
SetFilePointer
FindFirstFileA
FindNextFileA
SetCurrentDirectoryA
GetTickCount
GetVersionExA
GlobalLock
GlobalUnlock
GetLocalTime
GetEnvironmentVariableA
GetStartupInfoA
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
DeleteFileA
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetSystemInfo
GetComputerNameA
WaitForSingleObject
QueryPerformanceCounter
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
GlobalAlloc
VirtualFree
GetProcAddress
LoadLibraryA
VirtualAlloc
QueryPerformanceFrequency
SetLastError
GetNativeSystemInfo
GetCurrentProcessId
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
lstrcpyn
Process32Next
Process32First
GetCurrentThreadId
TerminateThread
GetExitCodeThread
SetWaitableTimer
CreateWaitableTimerA
lstrcpynA
GetTempPathW
lstrlenW
Module32First
MoveFileA
QueryDosDeviceW
CloseHandle
TerminateProcess
OpenProcess
SetStdHandle
IsBadCodePtr
GetStringTypeW
Process32NextW
Sleep
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetModuleHandleA
GetCurrentProcess
LocalFree
WideCharToMultiByte
RtlMoveMemory
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
LocalAlloc
HeapDestroy
GetFileType
GetStdHandle
DeleteCriticalSection
lstrlenA
SetSystemPowerState
GetLastError
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcpyA
InterlockedIncrement
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
CreateThread

user32

SetTimer
KillTimer
MapVirtualKeyA
EnableWindow
GetParent
IsWindowEnabled
GetActiveWindow
SetForegroundWindow
ExitWindowsEx
SendMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
GetWindowThreadProcessId
SendInput
SetWindowLongA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
GetSysColorBrush
LoadStringA
DestroyMenu
GetAncestor
GetFocus
GetCursorPos
WindowFromPoint
SetCursorPos
ClientToScreen
DrawIcon
PostMessageW
GetForegroundWindow
PostMessageA
SetActiveWindow
AttachThreadInput
GetIconInfo
GetCursorInfo
ReleaseDC
GetDesktopWindow
MsgWaitForMultipleObjects
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMessageA
wsprintfA
MessageBoxA
GetWindowTextLengthA
ShowWindow
IsWindowVisible
PeekMessageA
GetWindowTextA
GetWindow
FindWindowExA
GetInputState
UnregisterClassA
DispatchMessageA
TranslateMessage
DefWindowProcA
PostQuitMessage
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
CallWindowProcA

advapi32

RegDeleteValueA
OpenServiceA
StartServiceA
QueryServiceStatus
QueryServiceStatusEx
ControlService
DeleteService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CloseServiceHandle
QueryServiceConfigA
QueryServiceConfig2A
ChangeServiceConfig2A
GetServiceDisplayNameA
GetServiceKeyNameA
CreateServiceA
ChangeServiceConfigA
EnumServicesStatusA
EnumServicesStatusExA
EnumDependentServicesA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA
OpenSCManagerA
RegQueryValueExA
RegEnumValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathW

psapi

GetProcessImageFileNameW
GetModuleFileNameExA

shlwapi

PathFindFileNameA
PathIsDirectoryW
PathFileExistsA
PathFindExtensionA

ws2_32

htons
inet_addr
socket
gethostbyname
recv
WSACleanup
closesocket
setsockopt
WSAStartup
send
connect

gdi32

SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDIBSection
DeleteDC
SelectObject
DeleteObject
BitBlt
GdiFlush
GetStockObject
GetObjectA
CreateCompatibleDC
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

77b9a1b33e5c267f6a5bce9d03740948

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

psapi

shlwapi

ws2_32

gdi32

winspool.drv

comctl32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 172KB - Virtual size: 271KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 172KB - Virtual size: 271KB

.rsrc
Size: 16KB - Virtual size: 13KB