________________________
Behavioral task
behavioral1
Sample
5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll
Resource
win10v2004-20240704-en
General
-
Target
a9f96a18004e5636c86b6492347ab57ea82f02ffbb31b4053fc49136a3026ce5
-
Size
45KB
-
MD5
c35792106822d983ab503ee6a8d91212
-
SHA1
c475d71abc7c230da165aadeabdb45c86aa6e8a4
-
SHA256
a9f96a18004e5636c86b6492347ab57ea82f02ffbb31b4053fc49136a3026ce5
-
SHA512
61e228c8d3d6dc7373724a0e4a754f9cd0f3d2a1293375a18b2f4fe053b80ebe3f9422fc1f4ba4fe8cde13b7d51918e85c565fc3012c3b77b7521a8d9e0fa405
-
SSDEEP
768:5hth5sciN38qgkSdHeWlzo3jUu9IafyGy6SVVxvOJlTmhtkWzvdwPmR4jkCBX:5hth5hiN38mC+aEVisXTWzlfRY
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll
Files
-
a9f96a18004e5636c86b6492347ab57ea82f02ffbb31b4053fc49136a3026ce5.zip
Password: infected
-
5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll.dll windows:4 windows x86 arch:x86
5777c26250acbdcabdaf952b8e7bb328
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
HeapFree
IsBadReadPtr
GetPrivateProfileStringA
GetTickCount
GetCommandLineA
GetModuleFileNameA
FreeLibrary
HeapReAlloc
LoadLibraryA
LCMapStringA
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
Sleep
TerminateProcess
OpenProcess
GetCurrentProcess
GetCurrentProcessId
CloseHandle
GetProcAddress
CreateThread
GetVersionExA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
RaiseException
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
user32
TranslateMessage
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
GetAsyncKeyState
PeekMessageA
GetSystemMetrics
gdi32
DeleteObject
SelectObject
DeleteDC
BitBlt
GetDIBits
shell32
ShellExecuteA
Exports
Exports
Sections
.text Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ