blackmoon | 4e9a0a16a40cb867303a9819ed0fa1f6c57db6c1a13f2b588a1db99151fdcf6e | Triage

Sharing

General

Target

4e9a0a16a40cb867303a9819ed0fa1f6c57db6c1a13f2b588a1db99151fdcf6e
Size

12.3MB
MD5

93b671332b99ad1397826ec7d61794ff
SHA1

c5b6cb6e219ca5216a84fc2a0d30cfed153a5be4
SHA256

4e9a0a16a40cb867303a9819ed0fa1f6c57db6c1a13f2b588a1db99151fdcf6e
SHA512

3c455aa90e6259e7226ae968e388217147ea8ad78e6e7845558adb86fab2c18fd935fcd98ca27eb4a162a519493773897f7a1786692094a9e63bd19555f9ee1e
SSDEEP

196608:CBacVlnfAhvMfPhpjq2Rj7Mecc2hiLlv0Yn3Q2daGuri93wmaARIy3RoLeW:CBawfANCqwMUFn3jdyHARIySLe

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e9a0a16a40cb867303a9819ed0fa1f6c57db6c1a13f2b588a1db99151fdcf6e

Files

4e9a0a16a40cb867303a9819ed0fa1f6c57db6c1a13f2b588a1db99151fdcf6e
.exe windows:4 windows x86 arch:x86

e00884f915477d47f986c804aa74afc4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
lstrlenW
WideCharToMultiByte
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
WriteFile
GetStdHandle
ReadConsoleA
OpenProcess
WritePrivateProfileStringA
ReadFile
GetFileSize
CreateFileA
GetEnvironmentVariableA
DeleteFileA
MoveFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetCurrentProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
Sleep

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowTextW
GetWindowTextLengthW
FindWindowExA
PeekMessageA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

msvcrt

_stricmp
_getch
free
__CxxFrameHandler
??3@YAXPAX@Z
malloc
sprintf
atoi
_ftol
strrchr
strchr
realloc
memmove
modf
strncmp

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12.3MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE