blackmoon | 86aa12bc7a7b255cbd7387b06d00eb30_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

86aa12bc7a7b255cbd7387b06d00eb30_JaffaCakes118
Size

22.2MB
MD5

86aa12bc7a7b255cbd7387b06d00eb30
SHA1

48118fde605ceae458a39f298b7f558e72740b91
SHA256

6053b7c081dc2a01ca8a27bf2e31f5c85c3b08ddbd6a8334bfda44c2c4341466
SHA512

25d1fab40e694484dec38fcf99cfeef12972ecf808f315992334c3ed59f23ce971eb9a88fbe878133df18abe8b2a5342e4a9cfe4e6c2de4fd6615a639a75761e
SSDEEP

98304:RTCPCGJTCPCGJTCPCGJY7xtLK3BDhtvS0Hpe4zbpaAKQkroGIkyVPKAeUbYZfgsJ:/cBnvjeApaAvkt3U64s6uQy

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

86aa12bc7a7b255cbd7387b06d00eb30_JaffaCakes118
.exe windows:6 windows x86 arch:x86

Code Sign

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-03-2016 19:21

Not After

30-06-2017 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28-10-2015 20:31

Not After

28-01-2017 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:62:8a:88:33:6a:b3:29:cc:07:82:5d:46:f8:b5:26:98:ec:aa:85:7c:83:4d:71:a6:63:b0:bc:d3:51:d1:80
Signer

Actual PE Digest

68:62:8a:88:33:6a:b3:29:cc:07:82:5d:46:f8:b5:26:98:ec:aa:85:7c:83:4d:71:a6:63:b0:bc:d3:51:d1:80

Digest Algorithm

sha256

PE Digest Matches

false

04:4e:9e:33:d6:36:4d:fd:54:18:6a:c4:17:15:ab:e7:a1:12:99:11
Signer

Actual PE Digest

04:4e:9e:33:d6:36:4d:fd:54:18:6a:c4:17:15:ab:e7:a1:12:99:11

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\msosqm.pdb

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 220B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9aCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

68:62:8a:88:33:6a:b3:29:cc:07:82:5d:46:f8:b5:26:98:ec:aa:85:7c:83:4d:71:a6:63:b0:bc:d3:51:d1:80Signer

04:4e:9e:33:d6:36:4d:fd:54:18:6a:c4:17:15:ab:e7:a1:12:99:11Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 892B

.c2r Size: 512B - Virtual size: 220B

.rsrc Size: 164KB - Virtual size: 163KB

.reloc Size: 512B - Virtual size: 332B

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9a
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

68:62:8a:88:33:6a:b3:29:cc:07:82:5d:46:f8:b5:26:98:ec:aa:85:7c:83:4d:71:a6:63:b0:bc:d3:51:d1:80
Signer

04:4e:9e:33:d6:36:4d:fd:54:18:6a:c4:17:15:ab:e7:a1:12:99:11
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 892B

.c2r
Size: 512B - Virtual size: 220B

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 512B - Virtual size: 332B