blackmoon | 5f6ffa5bff2deb531fc46c4439a558a8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f6ffa5bff2deb531fc46c4439a558a8_JaffaCakes118
Size

339KB
MD5

5f6ffa5bff2deb531fc46c4439a558a8
SHA1

e3b2ddfeed1396a739cc58017bb26fb562867019
SHA256

e0d508841ed122d4348ec9717de9fe3b361a8a701036614a92998519a16debcc
SHA512

b448ccbe5abb6abf2cac51d982ecb8402a3b918abfa07524f355a2436e6d750d621f107ebe4c4360822b194d086956357cd1fdb715b2949882164f123327ae22
SSDEEP

6144:hPYDNESCjBMDn7EveqPqVP6vtolqEvz/dP4VtuzxlKq2nIknvvf77J1nNFn:hPYDSSeBM0WjP6v2l5dwKxYq29fnJNNZ

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack002/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/QQ餐厅宝贝.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ餐厅宝贝.exe
unpack002/out.upx

Files

5f6ffa5bff2deb531fc46c4439a558a8_JaffaCakes118
.rar
QQ餐厅宝贝.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 341KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 456KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
system.ini
新云软件.url
.url