blackmoon | a863116ee1fc48073da373d7310eef8b77372ae38924931160d174bb9395ce64 | Triage

Sharing

General

Target

a863116ee1fc48073da373d7310eef8b77372ae38924931160d174bb9395ce64
Size

3.8MB
MD5

9b097979bbba12df5c120c583fc5ee29
SHA1

ae748b7b03f6533830ebd7ea8b772b71a7881ce4
SHA256

a863116ee1fc48073da373d7310eef8b77372ae38924931160d174bb9395ce64
SHA512

d8f0976db99c00bf9fdede59eaa3eb898386fb0278ee814fff37a4dc3e2b0bd1bc5fe09a9e45c6b85f71a59ff7529d87d02ff428299ff4c81cfe22558a8009f8
SSDEEP

49152:GQZiGChdagYKNQYEwc57AhK7Cnfbv7EPF0Ehz2B36p6KJR43uNLIURWuWoKcY:GDYKNw7+K7Wr7EZ2VS9JR4+5IaWuW8Y

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a863116ee1fc48073da373d7310eef8b77372ae38924931160d174bb9395ce64

Files

a863116ee1fc48073da373d7310eef8b77372ae38924931160d174bb9395ce64
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20.2MB - Virtual size: 20.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmps0
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmps1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ