blackmoon | 6bf2ba7ec21e2010dd20a1e27a133f10N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6bf2ba7ec21e2010dd20a1e27a133f10N.exe
Size

188KB
MD5

6bf2ba7ec21e2010dd20a1e27a133f10
SHA1

c0368ca07072b4abe063905c207e2aa69ea66331
SHA256

071d5fd752a6258887c4a8946486ab6a1448828b1a535eebaf74aaf6105c6b96
SHA512

50564749f7f7bd84dba5762a1061cb5491226431d5f388baaab6b6bcaf6fddd5d33b2bd1c6fcd8e82d0f8da0bff43b90d08c02a2a2cc933a1b326a7ca3bcacad
SSDEEP

3072:J1KwwpDvJ+C+ga4JvICqTgivoyXUUtKvAHxLuNkqqzUTf4PF3vrQyqQK41Oi96e0:J1KwwpD7+v4JvXsvoyXUUtKvAHxLuNkm

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bf2ba7ec21e2010dd20a1e27a133f10N.exe

Files

6bf2ba7ec21e2010dd20a1e27a133f10N.exe
.exe windows:4 windows x86 arch:x86

395d3dc7986f59b4a9801b6a051d20d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetLocalTime
GlobalAlloc
GlobalLock
RtlMoveMemory
GlobalUnlock
lstrcpyn
FindFirstFileW
FindClose
VirtualQueryEx
lstrcpynA
CreateWaitableTimerA
SetWaitableTimer
VirtualAlloc
VirtualFree
GetProcAddress
CreateFileA
ResetEvent
WriteFile
CancelIo
ReadFile
GetProcessHeap
GetModuleHandleA
ExitProcess
lstrlenW
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
Sleep
GetUserDefaultLCID
CreateProcessA
GetStartupInfoA
DeleteFileA
GetTickCount
GetFileSize
GetCommandLineA
FreeLibrary
LCMapStringA
DeleteCriticalSection
CreateThread
GetCurrentDirectoryW
WaitForSingleObject
MultiByteToWideChar
LoadLibraryA
LocalFree
LocalAlloc
TerminateProcess
OpenProcess
GetCurrentProcess
GetCurrentProcessId
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
HeapAlloc

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

user32

OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetForegroundWindow
GetAsyncKeyState
MsgWaitForMultipleObjects
GetDC
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
wsprintfA
GetSystemMetrics
PeekMessageA

advapi32

AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
OpenProcessToken

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDIBits
DeleteObject
DeleteDC

oleaut32

SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SafeArrayDestroy
VariantClear
SysAllocString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
VariantCopy

shell32

ShellExecuteExW
ShellExecuteA

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpSetOption

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

msvcrt

_stricmp
strrchr
floor
_CIfmod
rand
srand
modf
strncmp
strncpy
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
_ftol
atoi
sprintf
memmove
__CxxFrameHandler
_except_handler3
realloc

shlwapi

PathFileExistsA

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

395d3dc7986f59b4a9801b6a051d20d4

Headers

File Characteristics

Imports

kernel32

ole32

user32

advapi32

gdi32

oleaut32

shell32

winhttp

setupapi

msvcrt

shlwapi

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 21KB - Virtual size: 81KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 21KB - Virtual size: 81KB