Behavioral task: behavioral1
Sample: 704722f75d6f2bb436ea0aebbb2ae0974ea86c9239c574aa19a2609decfdcc43.exe
Resource: win10v2004-20250314-en
General
  Target: 704722f75d6f2bb436ea0aebbb2ae0974ea86c9239c574aa19a2609decfdcc43
  Size: 232KB
  MD5: 23b358626cac067726e0ebcd7434bf26
  SHA1: 99d54fd1d8b8faded93fb2d5b428dad55ce81234
  SHA256: 704722f75d6f2bb436ea0aebbb2ae0974ea86c9239c574aa19a2609decfdcc43
  SHA512: bde725ccc6c0311fac7f125d9bd64ee1a6d95bcc0465c3f9ce0e5e91d99dcf397cd3102484523ce812e7ec253e3a1095ab8c0562fbd872d443ec7fed191f59ab
  SSDEEP: 3072:Rq4Ok+L4tTIJGM9vDdQ2rw7XTN04XWWgkjzuGVvIab0K68tASOKt6OU+DR:Rq4Z+LKM9v/NW/sab7FPDR
Malware Config
Signatures
  Blackmoon family
  Detect Blackmoon payload (1 IoCs)
    resource  yara_rule  sample  family_blackmoon
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource  704722f75d6f2bb436ea0aebbb2ae0974ea86c9239c574aa19a2609decfdcc43
Files
  704722f75d6f2bb436ea0aebbb2ae0974ea86c9239c574aa19a2609decfdcc43.exe  windows:4  windows  x86  arch:x86
  1eaa2dfdcb57d2bf65293115836ed7ef
Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32: lstrcatA, GetModuleHandleA, VirtualAlloc, LoadLibraryA, VirtualFree, GetModuleFileNameA, VirtualProtect, GetCurrentProcessId, LocalAlloc, LocalFree, lstrcpyn, CreateWaitableTimerA, SetWaitableTimer, CloseHandle, VirtualQueryEx, VirtualProtectEx, OpenProcess, ReadProcessMemory, WriteProcessMemory, ExitProcess, HeapAlloc, HeapReAlloc, HeapFree, IsBadReadPtr, GetLocalTime, WideCharToMultiByte, ReadFile, GetFileSize, CreateFileA, GetCommandLineA, FreeLibrary, GetProcAddress, LCMapStringA, InterlockedExchange, MultiByteToWideChar, IsBadCodePtr, SetUnhandledExceptionFilter, RtlMoveMemory, MapViewOfFile, FlushFileBuffers, SetStdHandle, GetStringTypeW, GetStringTypeA, GetOEMCP, GetACP, GetCPInfo, LCMapStringW, Sleep, SetFilePointer, RaiseException, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, IsBadWritePtr, WriteFile, HeapCreate, HeapDestroy, GetVersionExA, GetEnvironmentVariableA, HeapSize, GetLastError, TlsGetValue, SetLastError, TlsAlloc, TlsSetValue, GetCurrentThreadId, DeleteCriticalSection, GetFileType, GetStdHandle, OpenFileMappingA, GetProcessHeap, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, GetStartupInfoA, GetVersion, InterlockedDecrement, InterlockedIncrement, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW
  ws2_32: inet_addr
  user32: PeekMessageA, GetMessageA, TranslateMessage, DispatchMessageA, wsprintfA, MessageBoxA, MsgWaitForMultipleObjects
  crypt32: CryptUnprotectMemory
  iphlpapi: SendARP
  oleaut32: SysFreeString, SysAllocString, SafeArrayGetElemsize, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayGetDim, VariantClear, VariantCopy, VariantInit, VariantChangeType, SystemTimeToVariantTime, VariantTimeToSystemTime
  ole32: CoInitializeSecurity, CoUninitialize, CLSIDFromString, CoInitialize, CoSetProxyBlanket, CoCreateInstance, IIDFromString
  wininet: InternetOpenA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, HttpSendRequestA, InternetReadFile, HttpQueryInfoA, InternetCloseHandle
Sections
  .text   Size: 172KB  Virtual size: 171KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 8KB    Virtual size: 5KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 44KB   Virtual size: 109KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 4KB    Virtual size: 656B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ