blackmoon | 084d7577bd8ad486f8c9f3f3377ca00c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

084d7577bd8ad486f8c9f3f3377ca00c_JaffaCakes118
Size

13.8MB
MD5

084d7577bd8ad486f8c9f3f3377ca00c
SHA1

6ddf8f9d98801bcb049448b51c7b6e9c074f3826
SHA256

05617954db623255a0639453760cdb289df323950e9d41c31f9a7f9d15f2dcd1
SHA512

97cda9a5a3f6e109beff55bc84a2d3a045b6e977a8f4c5fdcd4277ba17ca740ab710ac2e9cc224379c78aee38e16725611bf0855b3b1180def0a12d6725a4f41
SSDEEP

196608:MC2ZhC2ZKFCmfwAtlCgCvEVWJ8CBk2yfVoxwKGF87n:MC2XC2AFCmfBtYgCcVW6VsA8n

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

084d7577bd8ad486f8c9f3f3377ca00c_JaffaCakes118
.exe windows:6 windows x86 arch:x86

Code Sign

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:ac
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/05/2016, 17:13

Not After

03/08/2017, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:64:2c:e2:5a:da:4d:a0:c2:55:06:b2:5f:5e:5a:a1:e5:85:97:f5:0b:81:7c:19:c5:8e:ef:66:a0:b6:f4:2e
Signer

Actual PE Digest

4b:64:2c:e2:5a:da:4d:a0:c2:55:06:b2:5f:5e:5a:a1:e5:85:97:f5:0b:81:7c:19:c5:8e:ef:66:a0:b6:f4:2e

Digest Algorithm

sha256

PE Digest Matches

false

e1:c4:90:dc:65:45:56:d2:3e:95:47:e5:66:ff:6b:fc:b9:be:6f:d6
Signer

Actual PE Digest

e1:c4:90:dc:65:45:56:d2:3e:95:47:e5:66:ff:6b:fc:b9:be:6f:d6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\selfcert.pdb

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 340B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:acCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

4b:64:2c:e2:5a:da:4d:a0:c2:55:06:b2:5f:5e:5a:a1:e5:85:97:f5:0b:81:7c:19:c5:8e:ef:66:a0:b6:f4:2eSigner

e1:c4:90:dc:65:45:56:d2:3e:95:47:e5:66:ff:6b:fc:b9:be:6f:d6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 178KB - Virtual size: 178KB

.data Size: 8KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 9B

.c2r Size: 512B - Virtual size: 340B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 9KB

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:ac
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

4b:64:2c:e2:5a:da:4d:a0:c2:55:06:b2:5f:5e:5a:a1:e5:85:97:f5:0b:81:7c:19:c5:8e:ef:66:a0:b6:f4:2e
Signer

e1:c4:90:dc:65:45:56:d2:3e:95:47:e5:66:ff:6b:fc:b9:be:6f:d6
Signer

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 178KB - Virtual size: 178KB

.data
Size: 8KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 9B

.c2r
Size: 512B - Virtual size: 340B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 9KB