Behavioral task
behavioral1
Sample
2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom
-
Size
12.1MB
-
MD5
363933ccd21e56d8786ffde6ee09a4b1
-
SHA1
f99af556f6c274f072bff355ac5cb24281958bc6
-
SHA256
57b5c39fdcd0054a5f8979a1531861a4a1fe39bf55f4e9efbc331cdb24da12e7
-
SHA512
cf4e8b6a4b9559b8adff1b5b61935f8a022d21f9944affeaba99c0171c36c0e7e87d04080adc3c66a6dd208b3d6e8dca5c1bc89090f07341084af47ef47cb77c
-
SSDEEP
393216:Qd9c5hlEK/PNKwtN3ZWyp032LOqKT1g8Cy:QXEhxtKwtN3p232LOqKgz
Malware Config
Signatures
-
Processes:
resource yara_rule sample upx -
Detects Pyinstaller 1 IoCs
Processes:
resource yara_rule sample pyinstaller -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom
Files
-
2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 276KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 102KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
0xfff.pyc