blackmoon | 5d51da693f80dc30b09b484c9f9d4a20ffc08ac0297183234ea3f9b8a5318683 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d51da693f80dc30b09b484c9f9d4a20ffc08ac0297183234ea3f9b8a5318683
Size

80KB
MD5

4c0c402f50ef69909e3023c8285d90a7
SHA1

eeca6efbab985e692d511fc36235da4ddc6fc48b
SHA256

5d51da693f80dc30b09b484c9f9d4a20ffc08ac0297183234ea3f9b8a5318683
SHA512

15745fea16c4776265655562ce2c82d62ce0b2c9a470c7acc9408de632cdfe4a222b19a7a8f2244a9b9823d916d90eafc5fc5de7eecb9c8de80b4583c85e0635
SSDEEP

1536:Ob5ROaQ8HTbTcm3lLzcLLyOrIpjGmdEckcWrjBNgytcpPyR0wHPx85:OeaQ8IqE0ijLgytcpPXwvxq

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d51da693f80dc30b09b484c9f9d4a20ffc08ac0297183234ea3f9b8a5318683

Files

5d51da693f80dc30b09b484c9f9d4a20ffc08ac0297183234ea3f9b8a5318683
.exe windows:4 windows x86 arch:x86

f4c703d23728a982fb639d449bb3312d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
Sleep
GetTickCount
WriteFile
CloseHandle
DeleteFileA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetLastError
DeviceIoControl
CreateFileA
GetModuleHandleA
GetWindowsDirectoryA
GetTempPathA
GetModuleFileNameA
IsBadReadPtr
GetCommandLineA
GetSystemDirectoryA

user32

DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage
GetMessageA
PeekMessageA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CreateServiceA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA

shlwapi

PathFindFileNameA

msvcrt

??2@YAPAXI@Z
_ftol
strchr
atoi
modf
??3@YAXPAX@Z
_CIfmod
srand
rand
sprintf
strrchr

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ