blackmoon | 2025-04-01_e7c207b8b624a125102d577ceda11e6a_amadey_black-basta_hawkeye_luca-stealer_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-01_e7c207b8b624a125102d577ceda11e6a_amadey_black-basta_hawkeye_luca-stealer_rhadamanthys_smoke-loader
Size

8.3MB
MD5

e7c207b8b624a125102d577ceda11e6a
SHA1

fae4bba90f846b0890496c79fc03df3be1e7193a
SHA256

6903c6b7651d0b6213109bc685eacd15376eb9cd566ac04507d89bdc09713fb1
SHA512

6c086849e4cf457376427a6931b92853286376b3a9eaf4786784c183001cccd29f736dbf112e375094c5ce2f4bb6f159e8ae677d3d835f0b23851ff0e5534b6a
SSDEEP

49152:iwnNTBXLfUlljdpCxpCy2RAR5FeA6wgwnNTBXLfUlljH/UH3pCxpCy2RAR5FeA6L:RkCPCGJSICPCGJkCPCGJS17L

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

2025-04-01_e7c207b8b624a125102d577ceda11e6a_amadey_black-basta_hawkeye_luca-stealer_rhadamanthys_smoke-loader
.exe windows:6 windows x86 arch:x86

Code Sign

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:68:c7:81:fd:32:6f:fd:2f:c7:ea:4e:c6:7d:62:9a:b9:ca:d2:1c:ec:13:90:fe:4b:54:9d:d4:5e:c8:7b:1e
Signer

Actual PE Digest

4d:68:c7:81:fd:32:6f:fd:2f:c7:ea:4e:c6:7d:62:9a:b9:ca:d2:1c:ec:13:90:fe:4b:54:9d:d4:5e:c8:7b:1e

Digest Algorithm

sha256

PE Digest Matches

false

ca:41:da:40:56:8b:d3:07:9b:35:f3:17:3d:72:72:41:4b:3c:0f:d5
Signer

Actual PE Digest

ca:41:da:40:56:8b:d3:07:9b:35:f3:17:3d:72:72:41:4b:3c:0f:d5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\msosqm.pdb

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 220B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9aCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

4d:68:c7:81:fd:32:6f:fd:2f:c7:ea:4e:c6:7d:62:9a:b9:ca:d2:1c:ec:13:90:fe:4b:54:9d:d4:5e:c8:7b:1eSigner

ca:41:da:40:56:8b:d3:07:9b:35:f3:17:3d:72:72:41:4b:3c:0f:d5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 892B

.c2r Size: 512B - Virtual size: 220B

.rsrc Size: 164KB - Virtual size: 163KB

.reloc Size: 512B - Virtual size: 332B

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9a
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

4d:68:c7:81:fd:32:6f:fd:2f:c7:ea:4e:c6:7d:62:9a:b9:ca:d2:1c:ec:13:90:fe:4b:54:9d:d4:5e:c8:7b:1e
Signer

ca:41:da:40:56:8b:d3:07:9b:35:f3:17:3d:72:72:41:4b:3c:0f:d5
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 892B

.c2r
Size: 512B - Virtual size: 220B

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 512B - Virtual size: 332B