blackmoon | 499920799f82f71624ef315b012d5c23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

499920799f82f71624ef315b012d5c23_JaffaCakes118
Size

17.7MB
MD5

499920799f82f71624ef315b012d5c23
SHA1

27ea2654beab1d360ad32e6eb048a93de49fad73
SHA256

a1b134b484dfa722cdf9883ac1ac4ce1d0e94a056b5bdd11f675ae017730acb3
SHA512

cc6a177a819b8115281c48b1874b153069f8e38864b00c9c8773ae760ec687e1adb490c41380006058a96a841cfcbe330ea2ba41610c19f7081d287f53200026
SSDEEP

196608:MC2ZhC2ZeFCmfwAtlCgCvEVWJ8CBk2yfVoxwKGF878U64s5:MC2XC2IFCmfBtYgCcVW6VsA8FC5

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

499920799f82f71624ef315b012d5c23_JaffaCakes118
.exe windows:6 windows x86 arch:x86

Code Sign

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:ac
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/05/2016, 17:13

Not After

03/08/2017, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:26:50:7a:9a:8a:43:ea:34:b2:54:1e:29:83:b4:8b:49:c8:0f:11:fc:0a:b9:e1:2f:ae:e1:3d:da:71:38:87
Signer

Actual PE Digest

00:26:50:7a:9a:8a:43:ea:34:b2:54:1e:29:83:b4:8b:49:c8:0f:11:fc:0a:b9:e1:2f:ae:e1:3d:da:71:38:87

Digest Algorithm

sha256

PE Digest Matches

false

5d:59:99:54:51:ac:c7:ce:54:3c:b8:ab:d1:a0:46:3c:fd:12:b6:cc
Signer

Actual PE Digest

5d:59:99:54:51:ac:c7:ce:54:3c:b8:ab:d1:a0:46:3c:fd:12:b6:cc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\selfcert.pdb

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 340B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:acCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

00:26:50:7a:9a:8a:43:ea:34:b2:54:1e:29:83:b4:8b:49:c8:0f:11:fc:0a:b9:e1:2f:ae:e1:3d:da:71:38:87Signer

5d:59:99:54:51:ac:c7:ce:54:3c:b8:ab:d1:a0:46:3c:fd:12:b6:ccSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 178KB - Virtual size: 178KB

.data Size: 8KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 9B

.c2r Size: 512B - Virtual size: 340B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 9KB

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:ac
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

00:26:50:7a:9a:8a:43:ea:34:b2:54:1e:29:83:b4:8b:49:c8:0f:11:fc:0a:b9:e1:2f:ae:e1:3d:da:71:38:87
Signer

5d:59:99:54:51:ac:c7:ce:54:3c:b8:ab:d1:a0:46:3c:fd:12:b6:cc
Signer

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 178KB - Virtual size: 178KB

.data
Size: 8KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 9B

.c2r
Size: 512B - Virtual size: 340B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 9KB