Behavioral task
behavioral1
Sample
5d7b8fbf7091672744ecb5fd3ff0664032b0463ff332fefaf892105156e71226_Sigmanly.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
5d7b8fbf7091672744ecb5fd3ff0664032b0463ff332fefaf892105156e71226_Sigmanly.exe
Resource
win10v2004-20241007-en
General
-
Target
5d7b8fbf7091672744ecb5fd3ff0664032b0463ff332fefaf892105156e71226_Sigmanly
-
Size
3.5MB
-
MD5
a1907452a6e7e8748f91900a0383a602
-
SHA1
5a59e8301a8175a0128b0da0aba8c2d4a9190764
-
SHA256
5d7b8fbf7091672744ecb5fd3ff0664032b0463ff332fefaf892105156e71226
-
SHA512
99f4021c7d6262e9da5471d5e6062894d5c48db7245d808f308bf94fa4b64d4adc4c8bdad92e8728c570880fc31e46d2a08424af63fddfbb2ae61bb0a6e9dbad
-
SSDEEP
49152:XmfO1+/gMtaL/lDTR0mCw/et56VRx4ZPXUHZ6:ftxLZTR0KetU+
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5d7b8fbf7091672744ecb5fd3ff0664032b0463ff332fefaf892105156e71226_Sigmanly
Files
-
5d7b8fbf7091672744ecb5fd3ff0664032b0463ff332fefaf892105156e71226_Sigmanly.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
L_VhVy Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
L_XwhY Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE