blackmoon | 296a7acdf8e4fd5fa9070e8876c4cce7[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

296a7acdf8e4fd5fa9070e8876c4cce7.bin
Size

1.6MB
MD5

296a7acdf8e4fd5fa9070e8876c4cce7
SHA1

21004be813d29bb9e6094a6cf08a474d8e26ca24
SHA256

59d5c65a01281543b9ed267b522f7088eb4d6c27235d4e318448f767d5939f68
SHA512

6dcaf996e4a506fc0e01634ef84e75583beea195f58c2002c9c83623fb69be2a17e71ad4fbf0242dec0cef4c0b8cc5bb6243d5d4a80097d2e05d9b2446872923
SSDEEP

24576:atQTCDWGPF+L40TgDt3EuUtVjLgfOPmueFYYpGXRq29SaWziEIrSAlkWD/:atIhG0pgf9ueFYYgEVAZ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296a7acdf8e4fd5fa9070e8876c4cce7.bin

Files

296a7acdf8e4fd5fa9070e8876c4cce7.bin
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 932KB - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 665KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ