blackmoon | 84eb7a72c85f78b8f7cc8e6e23bd494b_icedid_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84eb7a72c85f78b8f7cc8e6e23bd494b_icedid_JC.exe
Size

13.9MB
MD5

84eb7a72c85f78b8f7cc8e6e23bd494b
SHA1

ef3d268da9c9594c2d9dcb7979e4f9153244ebc2
SHA256

ca9a151943117eb5563e0c0def602e7551bd7ef741a0aad124dc2166af3b3c45
SHA512

99ac6ee58801fba55b0be977b43e14bd5261071a0d87b45efd8abf58092eae2380770d678e8d73da88a0538ae00a2c72cf1992319020b9113d42b61a03069df5
SSDEEP

98304:iiiHW8Sb614gV/zx2FNFhkXeTfiVoa8vPxabnkMMJBAUZLzGEhQzd/b742SV:iE8Se1ZkNktoawaOJVXjal3Lq

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84eb7a72c85f78b8f7cc8e6e23bd494b_icedid_JC.exe

Files

84eb7a72c85f78b8f7cc8e6e23bd494b_icedid_JC.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 531KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.5MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 73KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE