blackmoon | 1906b80463b0f0eeccba10fb422fd2d1a79d849c5a838b14d3b993466c3c240cN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1906b80463b0f0eeccba10fb422fd2d1a79d849c5a838b14d3b993466c3c240cN
Size

568KB
MD5

3d91d69b4ce15f9600199d9e144142c0
SHA1

35889ea0a4cfef9c1bd926577c2ef808a8c4338c
SHA256

1906b80463b0f0eeccba10fb422fd2d1a79d849c5a838b14d3b993466c3c240c
SHA512

f2e13bed6cafe2b56917c84d1b4f64ea5cccad095d1f967e334ccaa66de159ecf353261a0ccb4d3a5c5e2fa724630ec2bfc5b0eb9f63016dd690e8ba65b968ae
SSDEEP

6144:CepwbyS7stQeIFXjBtZgJ/pBKUyK1NOmR6nCK5/03z:PpkynMTRgJ/pBryKumQnC68D

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1906b80463b0f0eeccba10fb422fd2d1a79d849c5a838b14d3b993466c3c240cN

Files

1906b80463b0f0eeccba10fb422fd2d1a79d849c5a838b14d3b993466c3c240cN
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ