blackmoon | 3c6cffa27e4a761035cacf900b1734f1b60f1531bb8c8b03b4b6588232ebc104 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c6cffa27e4a761035cacf900b1734f1b60f1531bb8c8b03b4b6588232ebc104
Size

7.7MB
MD5

939490120ead67fcffb2c5886415b6c4
SHA1

bc608b74119d93baaf39b12e6f944476a1c6ae87
SHA256

3c6cffa27e4a761035cacf900b1734f1b60f1531bb8c8b03b4b6588232ebc104
SHA512

43bae09c4f84b60a7f7215934695f2d8e5e152b3bac2b07d349976ddfff5804abb1c540396bee751c6d3e218f5a923b1437fa33caf15ced9236cf502d7611bb9
SSDEEP

98304:Elh2zIrxRsaGszV4CAea8cMZLsmPcoAbtnCUvNenhsrmoA0W9LQEuArbci50rx2y:EqzWR8sW8cMN8bhCgmsrpW9kElNmjr

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c6cffa27e4a761035cacf900b1734f1b60f1531bb8c8b03b4b6588232ebc104

Files

3c6cffa27e4a761035cacf900b1734f1b60f1531bb8c8b03b4b6588232ebc104
.exe windows:4 windows x86 arch:x86

52265065ada7990a7d3e56dc90152242

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
CreateProcessA
DuplicateHandle
LoadLibraryA
GetProcAddress
GetModuleFileNameA
VirtualProtectEx
WriteProcessMemory
ResumeThread
GetThreadContext
GetThreadSelectorEntry
ReadProcessMemory
GetCurrentProcess
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
ReadConsoleA
GetStdHandle
WriteFile
CreateFileA
FreeLibrary
LCMapStringA
OpenProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetProcessHeap
Sleep

user32

MessageBoxA
wsprintfA
wvsprintfA

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptCreateHash

msvcrt

malloc
_getch
sprintf
free
atoi
_ftol
strchr
_stricmp
strstr

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE