blackmoon | c6ca37fbc2a60033a44ea63d2e7ec744eadf9ea70912225129e7353c9755fd23 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6ca37fbc2a60033a44ea63d2e7ec744eadf9ea70912225129e7353c9755fd23
Size

1.7MB
MD5

95fb0f5c2de5df672d27bc6112202482
SHA1

8fd10ea8d1b0ee94efdd69b60d888fb9abbd1db1
SHA256

c6ca37fbc2a60033a44ea63d2e7ec744eadf9ea70912225129e7353c9755fd23
SHA512

89f605de80c881d06a38d6a1134ccbc1d257255532f8ee765951e53914e4659499c0d53313b78167610299e8494dc47e7c9d5aca68f9eab3a814df9de05134b0
SSDEEP

24576:aSR5SpNN/SH9+PagBQKhgx7/Yz10Ek4OQ+CvCNyGNVLWWVfiD3O/o:/RUzNO9+PagBQKqdgxZOtymrBiqo

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c6ca37fbc2a60033a44ea63d2e7ec744eadf9ea70912225129e7353c9755fd23
unpack001/out.upx

Files

c6ca37fbc2a60033a44ea63d2e7ec744eadf9ea70912225129e7353c9755fd23
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 405KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 964KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ