Behavioral task
behavioral1
Sample
aa27ccab35b2c6efe143c22907cfca3364f3fc5367bded59c73f2b9acba7f2abN.exe
Resource
win7-20241010-en
General
-
Target
aa27ccab35b2c6efe143c22907cfca3364f3fc5367bded59c73f2b9acba7f2abN
-
Size
469KB
-
MD5
26e3842fd1b8d9392ca3b99c2454c380
-
SHA1
3d4c780451d786b627d5e22dd561efcae73239fd
-
SHA256
aa27ccab35b2c6efe143c22907cfca3364f3fc5367bded59c73f2b9acba7f2ab
-
SHA512
f2b49c2512c8e23edad11c653f83fd274997c70a9d0354ce1715c3400ea725c166a60b8ce656fa502c360d78f25f077440fffaa45327f7339cd4c666edae483a
-
SSDEEP
6144:hqzOPI16UkWVs+QEoD/dL/4oSlCIqbKRs4EkfRDaPRrnVkWHQG:hqzIIUUvVs+IdMoSzqkR5RWVVWG
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource aa27ccab35b2c6efe143c22907cfca3364f3fc5367bded59c73f2b9acba7f2abN
Files
-
aa27ccab35b2c6efe143c22907cfca3364f3fc5367bded59c73f2b9acba7f2abN.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1010B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE