blackmoon | e5aa445a4f523de1b08d0efdd47c1fac[.]bin

General

Target

e5aa445a4f523de1b08d0efdd47c1fac.bin
Size

11.4MB
MD5

48441d642e7e071230ca91b433331a4b
SHA1

fa428617ae8ef63d409483be2b901b744b702b8d
SHA256

1dd270adeebab36a2b1320f0b557aacca783bc1d0d2db1679cf7ebe0a3b30709
SHA512

c39221d87a30571e66d360aa81acbc36e915db209e1dab506af69a913e27f1193a8ab1d8683e76f2306100fb4b5a31cd519d20ce89b0280af3ef6a81b964e3d8
SSDEEP

196608:I8TOpE2k5ZZn10ZINyi/5aNTV/h0NlvMuiHQ1rXxpo5nQLLEGVLTVuPRiw8NpWZn:ZXZO4xsN1mNNiHYOKLVL289iEg

Score

10^/10

upx blackmoon gh0strat

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack002/out.upx	family_blackmoon

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack002/out.upx	family_gh0strat

Gh0strat family
gh0strat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/7ca01cb68c03434dd6a45bd79206370dc69b8787825c5d26ec75dcc4a3b14f81.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7ca01cb68c03434dd6a45bd79206370dc69b8787825c5d26ec75dcc4a3b14f81.exe
unpack002/out.upx

Files

e5aa445a4f523de1b08d0efdd47c1fac.bin
.zip

Password: infected
7ca01cb68c03434dd6a45bd79206370dc69b8787825c5d26ec75dcc4a3b14f81.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 12.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23.7MB - Virtual size: 23.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 12.3MB

UPX1 Size: 11.7MB - Virtual size: 11.7MB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 23.7MB - Virtual size: 23.8MB

.rsrc Size: 4KB - Virtual size: 684B

UPX0
Size: - Virtual size: 12.3MB

UPX1
Size: 11.7MB - Virtual size: 11.7MB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 23.7MB - Virtual size: 23.8MB

.rsrc
Size: 4KB - Virtual size: 684B