blackmoon | 59f065ccaf7a2bc0567db4cc5a748be1acfe8008810296a7cb0ce996ed24c98c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

59f065ccaf7a2bc0567db4cc5a748be1acfe8008810296a7cb0ce996ed24c98c
Size

448KB
MD5

f66563b99b85fe502a5a029c41204ee0
SHA1

29758d6d9b5594623af5cb2a5643bfb6377e7a16
SHA256

59f065ccaf7a2bc0567db4cc5a748be1acfe8008810296a7cb0ce996ed24c98c
SHA512

a71c22b8a3777cad346663ea2d62880b88c42d6a89ec49f4747a448f1689b2b96ce2dd8c0c364d0a071e944d015eafea150b39af39539855e1fa73518647f54b
SSDEEP

6144:KWujBwXqZu4R6sl01F6ovBMyFyhk4BvD1vLv/Zp3DU7cDb/fKgI8Qzs+CMNrEcTp:bpXIZSP5qzrpxpA4DbKgaJjr+Hcb

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
59f065ccaf7a2bc0567db4cc5a748be1acfe8008810296a7cb0ce996ed24c98c
unpack001/out.upx

Files

59f065ccaf7a2bc0567db4cc5a748be1acfe8008810296a7cb0ce996ed24c98c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 980KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 426KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 764KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ