blackmoon | 7f6ad4a07d66d6087cb7f5bf90abf45ff8373d0006a9883e217166366c4aefd6 | Triage

Sharing

General

Target

7f6ad4a07d66d6087cb7f5bf90abf45ff8373d0006a9883e217166366c4aefd6
Size

2.6MB
MD5

224b729407bf481caf0849d7893e0939
SHA1

7e5638dd88aaaafae46162fcf93e9ca4c07824ea
SHA256

7f6ad4a07d66d6087cb7f5bf90abf45ff8373d0006a9883e217166366c4aefd6
SHA512

fcbeddaf8f90c94904e3b00bc13389b71467d1aeedef55f7a34cbcee233bfd2bc5982af135555267499a972ae85b44ad02cdd13c10fa144b7e71fd1e025566f5
SSDEEP

49152:9JlNmfR/TKZzFTG9uKRd/en51NTDynq+COQqQmGM:nlNmfR/TKZNuRxw51tD2iJmGM

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f6ad4a07d66d6087cb7f5bf90abf45ff8373d0006a9883e217166366c4aefd6

Files

7f6ad4a07d66d6087cb7f5bf90abf45ff8373d0006a9883e217166366c4aefd6
.dll windows:4 windows x86 arch:x86

a9622ae7ef693ae28014c7f82e1e8466

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
VirtualAllocEx
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
SetThreadContext
CloseHandle
WriteFile
CreateFileA
GetCommandLineA
FreeLibrary
GetProcAddress
DeleteCriticalSection
CreateThread
SuspendThread
GetModuleFileNameA
LoadLibraryA

msvcrt

sprintf
strrchr
strchr
atoi
modf
free
_ftol

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PeekMessageA

Exports

Exports

SB

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ