blackmoon | 407b02401a0b3421ff24f066a446a4761f1bd7e7a316ea9416bb3dd830a3c94f

Sharing

Copy URL

Twitter E-mail

General

Target

407b02401a0b3421ff24f066a446a4761f1bd7e7a316ea9416bb3dd830a3c94f
Size

3.6MB
MD5

722149e3b85a55daa0fec78a757c8a90
SHA1

3c9147bb8a5214551c7f4654ff32f992ecf47450
SHA256

407b02401a0b3421ff24f066a446a4761f1bd7e7a316ea9416bb3dd830a3c94f
SHA512

7f6cdf62d4e752d5895470604024bb952a485d10ecacf4fb2431c7a06341c36c461571bd752fd76910246d6bd908447f8ceda44210bfde7f02850b65864c4a46
SSDEEP

49152:nP/X4JxT+/jUROugaa/mxu/+RVgZMjf4r+AQPYAZGYd1iDL2:P/XgxT+T6umRyem+tQAZ71s

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
407b02401a0b3421ff24f066a446a4761f1bd7e7a316ea9416bb3dd830a3c94f

Files

407b02401a0b3421ff24f066a446a4761f1bd7e7a316ea9416bb3dd830a3c94f
.exe windows:4 windows x86 arch:x86

14d972e9b53feb9c35e9252864cde4ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
IsDebuggerPresent
CreateFileW
GetFileSize
ReadFile
IsBadReadPtr
DeleteFileA
HeapAlloc
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
DeleteFileW
FindNextFileW
Module32First
Module32Next
lstrcpyn
TerminateThread
WriteFile
CreateThread
WaitForSingleObject
GetLocalTime
GetCurrentDirectoryW
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleA
VirtualQueryEx
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
GlobalSize
VirtualFreeEx
GetFileSizeEx
VirtualProtectEx
RtlZeroMemory
lstrcmpW
lstrcmpiW
ExitProcess
HeapReAlloc
GetModuleFileNameA
GetPrivateProfileStringA
CreateFileA
SetFileAttributesA
CreateWaitableTimerA
GetUserDefaultLCID
Sleep
FindNextFileA
FindFirstFileA
WritePrivateProfileStringA
GetTickCount
CreateProcessA
GetStartupInfoA
MoveFileA
RemoveDirectoryA
CreateDirectoryA
GetCommandLineA
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetVersionExA
DeviceIoControl
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetLastError
QueryPerformanceCounter
UnhandledExceptionFilter
FlushFileBuffers
SetStdHandle
LCMapStringW
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
LocalFree
LocalAlloc
TerminateProcess
OpenProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
FindClose
lstrlenW
FindFirstFileW
GetCurrentProcessId
IsBadCodePtr
MultiByteToWideChar
lstrlenA
HeapFree
GetProcessHeap
RtlMoveMemory
SetFilePointer
VirtualAlloc
QueryPerformanceFrequency
GetVolumeInformationA
GetComputerNameA
GetExitCodeThread
CreateMutexA
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
ReleaseMutex
RaiseException
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RtlUnwind
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetVersion
DeleteCriticalSection

user32

CreateWindowStationA
GetClassNameA
LoadImageA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetSystemMetrics
GetCursorPos
EnableMenuItem
GetWindowTextA
IsWindowVisible
GetWindowLongA
SetMenuItemInfoW
CheckMenuItem
ShowWindow
MsgWaitForMultipleObjects
SetTimer
EnumWindows
FindWindowExA
SendMessageW
KillTimer
GetDC
ReleaseDC

gdi32

DeleteDC
DeleteObject
GetBitmapBits
StretchBlt
GetDIBColorTable
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteA
SHGetSpecialFolderPathA
ShellExecuteW

ole32

CLSIDFromProgID
OleRun
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal

shlwapi

PathFindFileNameA
StrToIntExA
StrToIntW
StrToIntExW
PathFileExistsA
PathFindExtensionA

wininet

InternetReadFile
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetOpenA
HttpQueryInfoA

oleaut32

VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SysAllocStringByteLen
VariantTimeToSystemTime
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayCreate

psapi

EnumProcesses

gdiplus

GdipSaveImageToFile
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipDrawImageRectRect
GdipFillRectangle
GdipGetImageGraphicsContext
GdiplusStartup
GdipDisposeImage
GdipCreateBitmapFromStream
GdipLoadImageFromFile
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageHeight

Sections

.text
Size: 1004KB - Virtual size: 1002KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

14d972e9b53feb9c35e9252864cde4ba

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

wininet

oleaut32

psapi

gdiplus

Sections

.text Size: 1004KB - Virtual size: 1002KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 200KB - Virtual size: 289KB

.vmp0 Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 268KB - Virtual size: 265KB

.text
Size: 1004KB - Virtual size: 1002KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 200KB - Virtual size: 289KB

.vmp0
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 268KB - Virtual size: 265KB