blackmoon | 7348653bb7be5f66bcd4b889a11102b8adea7a28c5f789d21b7fb4cac541651c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7348653bb7be5f66bcd4b889a11102b8adea7a28c5f789d21b7fb4cac541651c
Size

552KB
MD5

fbaef64a5d8decaa3f4caf9d2adc97f0
SHA1

b4b752ef530de61c26e68572c8b794272a63ce98
SHA256

7348653bb7be5f66bcd4b889a11102b8adea7a28c5f789d21b7fb4cac541651c
SHA512

c097ad8a952d47a60e760781b73936da571a22538b7e6c24156d5fdec378c803009e36a3f6ada8e517f7c9f21fa45159c168a12f6ab5f37be4ef28b4a0e5a8f9
SSDEEP

12288:Bd6dzTGjATlzy8Mlv+BX+dmLMdZehwDBLK+3Ms5Jevfipl73tnC:glw8Mu0ZNtbp5aiLLt

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
7348653bb7be5f66bcd4b889a11102b8adea7a28c5f789d21b7fb4cac541651c
unpack001/out.upx

Files

7348653bb7be5f66bcd4b889a11102b8adea7a28c5f789d21b7fb4cac541651c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 549KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 668KB - Virtual size: 729KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE