Behavioral task: behavioral1
Sample: eba19cb21992ab96876247427b4827776c8150a065fe802e5462417cb4d93998.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: eba19cb21992ab96876247427b4827776c8150a065fe802e5462417cb4d93998.exe
Resource: win10v2004-20240802-en
General
Target: eba19cb21992ab96876247427b4827776c8150a065fe802e5462417cb4d93998
Size: 272KB
MD5: a19582fa31f3385fba22a2bb5951e9e1
SHA1: 0e63430318358ea52415993c4d8ec8adee9ade0e
SHA256: eba19cb21992ab96876247427b4827776c8150a065fe802e5462417cb4d93998
SHA512: d9e2b8c5d2c171f50bdc9ddcac86ed04e2fe022f859f5b76ac13a1cc89dca0ab8271b2cd6d0567d5eafbd3b0b01804f35291df00d41fcbe0142ef7ec1fa7d5fb
SSDEEP: 3072:Q76JM1gRQ5YSjldC+g8TRuSUMPQE2i6/nh/I8dflnzNrEkPOet7IU:Q76JmYQldurfhQ+NnJgQ
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload 1 IoCs
resource: sample, yara_rule: family_blackmoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: eba19cb21992ab96876247427b4827776c8150a065fe802e5462417cb4d93998
Files
eba19cb21992ab96876247427b4827776c8150a065fe802e5462417cb4d93998.exe windows:4 windows x86 arch:x86
4139b4385aaf58393586b3c11880fd05
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WideCharToMultiByte
lstrcpyn
RtlMoveMemory
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
Module32First
Module32Next
ReadProcessMemory
OpenFileMappingA
MapViewOfFile
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
CreateWaitableTimerA
SetWaitableTimer
VirtualQueryEx
WriteProcessMemory
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetTickCount
GetUserDefaultLCID
WriteFile
SetFilePointer
GetFileSize
ReadFile
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW
lstrlenW
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetVersion
GetStartupInfoA
VirtualAlloc
TerminateThread
CreateThread
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadCodePtr
LocalFree
IsBadReadPtr
LocalAlloc
IsDebuggerPresent
lstrcatA
MultiByteToWideChar
RaiseException
OpenProcess
ws2_32
recv
WSAGetLastError
connect
ioctlsocket
shutdown
socket
htons
closesocket
select
WSAStartup
gethostname
WSACleanup
inet_addr
inet_ntoa
send
__WSAFDIsSet
gethostbyname
user32
DispatchMessageA
MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
TranslateMessage
GetMessageA
PeekMessageA
iphlpapi
SendARP
oleaut32
SysFreeString
SysAllocString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
VariantCopy
SafeArrayDestroy
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantChangeType
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromCy
VarR8FromBool
ole32
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitialize
IIDFromString
OleRun
CLSIDFromProgID
CLSIDFromString
wininet
InternetSetCookieA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
winhttp
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
crypt32
CryptUnprotectMemory
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyA
Sections
.text Size: 220KB - Virtual size: 218KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE