blackmoon | 0f38f64c3073705e2192b8e3863c1d5955e71fef83affa46fe3c1d24db816668 | Triage

Sharing

General

Target

0f38f64c3073705e2192b8e3863c1d5955e71fef83affa46fe3c1d24db816668
Size

1.8MB
MD5

d5453718fa487ea44ed67efcf0c77da6
SHA1

98ff33de41fbad8673980d6fdfa06126618f117a
SHA256

0f38f64c3073705e2192b8e3863c1d5955e71fef83affa46fe3c1d24db816668
SHA512

e6dddea431b216baf6e5c0f61863846d8e05d7bec733b1eac10a8eedc856ff006a6ffb2f2ecf0863b9f73770713a5281b4972863d9cea11a7d9f76d12bec770b
SSDEEP

49152:R5HtPFqODPCinSbulQ4/dbvj5/lMpe6wFtqszrTMqhed1u:5P76iVzbvj5/lB6GAsXgqho

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0f38f64c3073705e2192b8e3863c1d5955e71fef83affa46fe3c1d24db816668
unpack001/out.upx

Files

0f38f64c3073705e2192b8e3863c1d5955e71fef83affa46fe3c1d24db816668
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 796KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ