blackmoon | 28a5cad8345fa946239bcfd0a67e0cd0b3108fb4ad7dcc44b55b4b322e983b9a

Sharing

Copy URL Twitter E-mail

General

Target

28a5cad8345fa946239bcfd0a67e0cd0b3108fb4ad7dcc44b55b4b322e983b9a
Size

5.2MB
MD5

b82a82d95b9764c6766061f0bfb1055f
SHA1

a7411f4ab105bfb27bdce963fb70f62ecdf23be2
SHA256

28a5cad8345fa946239bcfd0a67e0cd0b3108fb4ad7dcc44b55b4b322e983b9a
SHA512

a794ac0cd5ee2b0c20765e2e82fdfba96ce9d3b150bc111e2206b6da5727bc115db2d3937fb10754c3aaca389dfbb76e2adc64d78b0f0994ac86a25bde4cad6d
SSDEEP

98304:DYB2qnhD6HBnpg5negdwSfeP6cBMGZ7lo+H3FtoqFZojM1:Du3mpg9ASfeP6ceYH3FtoqFOm

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28a5cad8345fa946239bcfd0a67e0cd0b3108fb4ad7dcc44b55b4b322e983b9a

Files

28a5cad8345fa946239bcfd0a67e0cd0b3108fb4ad7dcc44b55b4b322e983b9a
.exe windows:4 windows x86 arch:x86

9ebf695409cf7dc1cfed19249157eb85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CreateFileA
GetFileSize
CreateDirectoryA
WriteFile
SetFileAttributesA
CopyFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
Sleep
FreeLibrary
LoadLibraryA
LCMapStringA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessW
CreatePipe
FindClose
FindFirstFileW
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
OpenEventA
RtlMoveMemory
GetStringTypeW
GetStringTypeA
lstrcpyn
CreateEventA
GetCommandLineA
GetTickCount
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
RaiseException
VirtualAlloc
IsBadWritePtr
SetFilePointer
GetCPInfo
GetACP
GetOEMCP

user32

WaitForInputIdle
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA

advapi32

RegDeleteValueA
RegQueryValueExW
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.8MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ebf695409cf7dc1cfed19249157eb85

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4.8MB - Virtual size: 4.9MB

.rsrc Size: 268KB - Virtual size: 264KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4.8MB - Virtual size: 4.9MB

.rsrc
Size: 268KB - Virtual size: 264KB