Behavioral task behavioral1
- Sample: fe96dce719d6f2e220c92cb39d106200N.exe
- Resource: win7-20240705-en
Behavioral task behavioral2
- Sample: fe96dce719d6f2e220c92cb39d106200N.exe
- Resource: win10v2004-20240709-en
General
- Target: fe96dce719d6f2e220c92cb39d106200N.exe
- Size: 180KB
- MD5: fe96dce719d6f2e220c92cb39d106200
- SHA1: 205ca7b6fd06d3456dd7dd2028d1049f98f96609
- SHA256: 27f9e4c3f2fcdf348ea5ef88ed9f39555d339c5ebcde348e51dc4723dde7df45
- SHA512: 7fd42627cc97a05d6e757ac8a556e9db6541f356e71b5abfbf1050222fb26eecaebfb8515c19f9e39c648b95c2d14127b56047f73b4c28300c43ff32228de3cf
- SSDEEP: 3072:t2AbEwGBx78TcZHE2fFd97LJ0c1vxF3Vy+ZwCpctamZeJEjqM9b6OjegUo3ShFIT:t2AbEwGBx78TcZHE2fFd97N0c1JF3c+u
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon
- Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fe96dce719d6f2e220c92cb39d106200N.exe
Files
- fe96dce719d6f2e220c92cb39d106200N.exe.exe windows:4 windows x86 arch:x86
a1bde99083dffef34b0515af024c3340
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ResetEvent
WriteFile
CancelIo
ReadFile
lstrlenW
WideCharToMultiByte
GetLocalTime
GlobalAlloc
GlobalLock
RtlMoveMemory
GlobalUnlock
lstrcpyn
FindFirstFileW
FindClose
VirtualQueryEx
lstrcpynA
CreateWaitableTimerA
SetWaitableTimer
VirtualAlloc
VirtualFree
GetProcAddress
GetProcessHeap
GetModuleHandleA
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
Sleep
GetUserDefaultLCID
CreateProcessA
GetStartupInfoA
DeleteFileA
GetTickCount
GetFileSize
GetCommandLineA
FreeLibrary
LCMapStringA
DeleteCriticalSection
CreateThread
GetCurrentDirectoryW
WaitForSingleObject
MultiByteToWideChar
LocalFree
LocalAlloc
TerminateProcess
OpenProcess
GetCurrentProcess
GetCurrentProcessId
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
ExitProcess
LoadLibraryA
user32
DispatchMessageA
TranslateMessage
MessageBoxA
ReleaseDC
wsprintfA
MsgWaitForMultipleObjects
GetSystemMetrics
PeekMessageA
GetMessageA
GetAsyncKeyState
GetForegroundWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDC
advapi32
EqualSid
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
FreeSid
shell32
ShellExecuteA
ShellExecuteExW
setupapi
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
winhttp
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpCloseHandle
ole32
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
gdi32
DeleteDC
DeleteObject
GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
msvcrt
__CxxFrameHandler
memmove
realloc
strrchr
floor
rand
srand
modf
strncmp
strncpy
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
_stricmp
malloc
free
_ftol
atoi
sprintf
_except_handler3
oleaut32
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
SafeArrayDestroy
VariantClear
VarR8FromBool
shlwapi
PathFileExistsA
Sections
.text Size: 154KB - Virtual size: 154KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE