blackmoon | ab1020633466d49b9ade8ea2996b7283_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab1020633466d49b9ade8ea2996b7283_JaffaCakes118
Size

12.5MB
MD5

ab1020633466d49b9ade8ea2996b7283
SHA1

a6025a8e95ac42f36cae3df998eb7f604814379b
SHA256

89db6047ece756fc97bbe946b4dd83e9aac72e5e5da5da8c684b1e39ef2c4d2c
SHA512

d5be97ac7998a6948915eea4db670e9529d5638f4f2944b3ec75b78ae3fa14b5757fc49e3fa046d5a5efae9ea3b5a19895a0603cee5695a0f955a1ade9c9481c
SSDEEP

98304:3ZWCusNi9XwgwfoiCCZWCusNi9XwgwfooUUbYZfgs0QlxQDm:3Vi9XwgwAkVi9XwgwAVU64sf

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

ab1020633466d49b9ade8ea2996b7283_JaffaCakes118
.exe windows:6 windows x64 arch:x64

Code Sign

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:81:27:58:f1:0f:0e:0a:00:f1:43:cc:8a:7e:31:a9:08:f5:09:fe:0a:2d:06:b5:47:2b:3d:1a:dd:11:58:5b
Signer

Actual PE Digest

1f:81:27:58:f1:0f:0e:0a:00:f1:43:cc:8a:7e:31:a9:08:f5:09:fe:0a:2d:06:b5:47:2b:3d:1a:dd:11:58:5b

Digest Algorithm

sha256

PE Digest Matches

false

fd:fd:cc:1d:66:21:47:80:16:24:ff:ce:71:1a:b3:94:7a:ed:ec:39
Signer

Actual PE Digest

fd:fd:cc:1d:66:21:47:80:16:24:ff:ce:71:1a:b3:94:7a:ed:ec:39

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Office\Target\x64\ship\postc2r\x-none\msoxmled.pdb

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 296B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9aCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

1f:81:27:58:f1:0f:0e:0a:00:f1:43:cc:8a:7e:31:a9:08:f5:09:fe:0a:2d:06:b5:47:2b:3d:1a:dd:11:58:5bSigner

fd:fd:cc:1d:66:21:47:80:16:24:ff:ce:71:1a:b3:94:7a:ed:ec:39Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.c2r Size: 512B - Virtual size: 296B

.rsrc Size: 165KB - Virtual size: 164KB

.reloc Size: 512B - Virtual size: 244B

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9a
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

1f:81:27:58:f1:0f:0e:0a:00:f1:43:cc:8a:7e:31:a9:08:f5:09:fe:0a:2d:06:b5:47:2b:3d:1a:dd:11:58:5b
Signer

fd:fd:cc:1d:66:21:47:80:16:24:ff:ce:71:1a:b3:94:7a:ed:ec:39
Signer

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.c2r
Size: 512B - Virtual size: 296B

.rsrc
Size: 165KB - Virtual size: 164KB

.reloc
Size: 512B - Virtual size: 244B