MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 678f39a7f5bc61c4c9a0f34a0fe44f49fea5349cd51f9c8808ee2b6602ff1d79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Blackmoon
Vendor detections: 7

SHA256 hash: 678f39a7f5bc61c4c9a0f34a0fe44f49fea5349cd51f9c8808ee2b6602ff1d79
SHA3-384 hash: 6159d988d477309048cf7e540a23ed9a7b6b4c42b45e3e192ce08ddf8cd89cf4325a49146e80e8bc33b299fe36f81c83
SHA1 hash: bf8bf87788034e67399584ea672031366b13db61
MD5 hash: 03970e27a3e5fbbffbbc249769f9f3bf
humanhash: nevada-eleven-crazy-delta
File name: 678f39a7f5bc61c4c9a0f34a0fe44f49fea5349cd51f9c8808ee2b6602ff1d79
Signature: Blackmoon
File size: 688'472 bytes
First seen: 2022-01-04 09:03:45 UTC
Last seen: 2022-01-04 11:02:21 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 163ce73e6369b6830f7ee781052d2470 (1 x Blackmoon)
ssdeep: 6144:x9ZURaJOfiCIorsoCv0h7E9cwFyNkkCIjq7O3IWU+MagLMNLeJFuxmXROnWnK6ia:x8Ry8ixorsoC8ZGVYd3nUrCfsXRzK6ia
Threatray: 135 similar samples on MalwareBazaar
TLSH: T196E48D06BED280FFD655193014BA67769A3A5B020B35CFC39398DF592D33171AE3A13A
File icon (PE): PE icon
dhash icon: a261bae8d2a896ca (39 x Blackmoon, 9 x Gh0stRAT, 3 x CobaltStrike)
Reporter: JAMESWT_WT
Tags: 42 192 232 209 Blackmoon exe signed

Code Signing Certificate

Organisation: iPhone Distribution: China Mobile Group Shandong Co., Ltd.
Issuer: Apple Worldwide Developer Relations Certification Authority
Algorithm: sha256WithRSAEncryption
Valid from: 2021-05-07T06:07:32Z
Valid to: 2024-05-06T06:07:31Z
Serial number: 7dd984a17e2bf0bddf54abe8cd583e42
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 384fde6e3c3e8cc10ba16b948beba37536823aeab9847027782431ca94de78e2
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 222
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 678f39a7f5bc61c4c9a0f34a0fe44f49fea5349cd51f9c8808ee2b6602ff1d79
Verdict: No threats detected
Analysis date: 2022-01-04 09:05:21 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating synchronization primitives
Searching for synchronization primitives
Creating a window
DNS request

Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar
CursorPosition
CheckCmdLine

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: chinad greyware keylogger overlay packed wacatac

Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 56 / 100
Signature
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.Emotet
Status: Malicious
First seen: 2021-11-17 17:43:00 UTC
File Type: PE (Exe)
Extracted files: 50
AV detection: 17 of 28 (60.71%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SHA256 hash: 678f39a7f5bc61c4c9a0f34a0fe44f49fea5349cd51f9c8808ee2b6602ff1d79
MD5 hash: 03970e27a3e5fbbffbbc249769f9f3bf
SHA1 hash: bf8bf87788034e67399584ea672031366b13db61

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments