Behavioral task
behavioral1
Sample
f6dc15ad55252a79313888b5b8ac237d2f3cf575e68244e20a33b848d23214c9.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
f6dc15ad55252a79313888b5b8ac237d2f3cf575e68244e20a33b848d23214c9.exe
Resource
win10v2004-20241007-en
General
-
Target
f6dc15ad55252a79313888b5b8ac237d2f3cf575e68244e20a33b848d23214c9
-
Size
140KB
-
MD5
8a6fa87850e31e9473572f213be183ec
-
SHA1
93b6b2e61ef86c7f58d74e12d2cfb2a1aaed2677
-
SHA256
f6dc15ad55252a79313888b5b8ac237d2f3cf575e68244e20a33b848d23214c9
-
SHA512
8e88a18b29507d0919b0c6d21644713c07d010bd2df0ecd4f557254aa2155ee2b093248c78572c0c307cd0441fafbc7b834680242216abb7db854a1a760c9b51
-
SSDEEP
1536:4yXYmRRnpQh7W4e4zPH8PV5WDql/VyDT8I4l8WoxtlvsF84llZCkUl3qbitCLciW:4yVjwqV54qCVt5+TlqGci4lcMctzWYa
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f6dc15ad55252a79313888b5b8ac237d2f3cf575e68244e20a33b848d23214c9
Files
-
f6dc15ad55252a79313888b5b8ac237d2f3cf575e68244e20a33b848d23214c9.exe windows:4 windows x86 arch:x86
66aaffb68e2328318513ab1e8e39519a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
GlobalAlloc
SetLastError
lstrcatA
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedDecrement
FlushFileBuffers
lstrcpynA
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
OpenProcess
TerminateProcess
GetCurrentProcessId
SetFilePointer
WriteFile
GlobalLock
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
MultiByteToWideChar
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrlenA
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetCommandLineA
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCommandLineW
WideCharToMultiByte
LocalFree
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
CreateProcessA
OpenFileMappingA
ResetEvent
OpenEventA
SetEvent
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateEventA
InterlockedIncrement
user32
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetMenuItemCount
SetWindowTextA
GetDlgCtrlID
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetDC
ReleaseDC
FindWindowA
GetWindowThreadProcessId
GetClassNameA
SendMessageA
GetWindowRect
GetSystemMetrics
SetForegroundWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
ClientToScreen
ValidateRect
ModifyMenuA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
UnregisterClassA
advapi32
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
shell32
CommandLineToArgvW
SHGetSpecialFolderPathA
gdi32
DeleteObject
GetObjectA
GetStockObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteDC
SelectObject
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
comctl32
ord17
Sections
.text Size: 92KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ