Behavioral task: behavioral1
Sample: 28fee00fec01290d2e619438995bb09f3aae21dc63e7a06f7fb6d75a47fae972.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 28fee00fec01290d2e619438995bb09f3aae21dc63e7a06f7fb6d75a47fae972.exe
Resource: win10v2004-20240802-en
General
Target: 28fee00fec01290d2e619438995bb09f3aae21dc63e7a06f7fb6d75a47fae972
Size: 452KB
MD5: f5b0e37fb4dd3f0cb4fdae686a8eea3b
SHA1: 6fa678c15f328b333d394ced41252da615b69c71
SHA256: 28fee00fec01290d2e619438995bb09f3aae21dc63e7a06f7fb6d75a47fae972
SHA512: eefa49c3fe183d44c012ee5a3555e85df585b7b66a9d1ae95ce843a64c70220639e9920267cd48f93d77e9523c5a0ecc9c0e8897e4a4ba85b365edc4e7f40c9c
SSDEEP: 12288:6MBMT+QyiiDULYhChzMRzXRMBuCMbpyJ0zE:6MBMT+QyiiDULYhChzMRsuCMtyJ0Y
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
resource: sample; yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 28fee00fec01290d2e619438995bb09f3aae21dc63e7a06f7fb6d75a47fae972
Files
28fee00fec01290d2e619438995bb09f3aae21dc63e7a06f7fb6d75a47fae972.exe windows:4 windows x86 arch:x86
76e4192b32efb5d316c47fe3bd9103ee
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcatA
GetComputerNameExA
CreateToolhelp32Snapshot
Module32First
OpenProcess
lstrcpynA
CloseHandle
WideCharToMultiByte
CreateFileA
GetFileSizeEx
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
Process32First
Process32Next
GetLastError
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
RtlZeroMemory
HeapDestroy
HeapCreate
lstrlenW
lstrcmpW
lstrcmpiW
VirtualAlloc
VirtualFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
lstrlenA
lstrcmpA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetProcAddress
GetModuleFileNameA
Sleep
GetUserDefaultLCID
GetLocalTime
SetFilePointer
CreateDirectoryA
RtlMoveMemory
GetPrivateProfileStringA
WriteFile
WritePrivateProfileStringA
GetFileSize
DeleteFileA
CreateProcessA
GetStartupInfoA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersion
CreateThread
GetTickCount
SetDllDirectoryA
ole32
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
ws2_32
WSAGetLastError
gethostname
WSAStartup
WSACleanup
shlwapi
PathRemoveFileSpecA
StrToIntW
PathFindExtensionA
PathGetArgsA
StrToIntExW
PathFileExistsA
PathFindFileNameA
PathRemoveBackslashA
psapi
GetProcessImageFileNameW
user32
GetWindowThreadProcessId
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
oleaut32
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
VarR8FromCy
SysAllocString
SafeArrayDestroy
SafeArrayCreate
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
VariantClear
Sections
.text Size: 404KB - Virtual size: 401KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE