blackmoon | 5df14101954560b3ce3b98e69629483e0b2085781374b38ada00a8e01b8b341a | Triage

Sharing

General

Target

5df14101954560b3ce3b98e69629483e0b2085781374b38ada00a8e01b8b341a
Size

9.2MB
MD5

b87a5db3d2e14387114b8168754da066
SHA1

eabf17f78e0e98c0dc6a1471b8a0ad67b29f94e5
SHA256

5df14101954560b3ce3b98e69629483e0b2085781374b38ada00a8e01b8b341a
SHA512

3c05e6be6aadacaced56b752d2afbcdbba0c1315b04ccead2ed7954972a981fbec003367e1637e34f929a86478fc5aec78c27ea2495b26c5846d24c3be21b1ea
SSDEEP

196608:Evwv30KJvDRkS0AUEuqpfhKLvQ8tW05E0rrDIzCCN31qrY/uyjbz+tltK1fyB9md:EvwkYvOSbUNLx0nLz1hGEbzytK1fy3gC

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5df14101954560b3ce3b98e69629483e0b2085781374b38ada00a8e01b8b341a
unpack001/out.upx

Files

5df14101954560b3ce3b98e69629483e0b2085781374b38ada00a8e01b8b341a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ