Behavioral task: behavioral1
Sample: 2023-08-26_cc67be85ec55917fb5090e5e795338f1_icedid_JC.exe
Resource: win7-20230831-en
General
Target: 2023-08-26_cc67be85ec55917fb5090e5e795338f1_icedid_JC.exe
Size: 2.4MB
MD5: cc67be85ec55917fb5090e5e795338f1
SHA1: c83c25cf5d397bd21331ee11962466c937984f26
SHA256: 8e927d40434d118f57849e1a07843566a4b8e8859e8227b4b2cdfeb3d3fc8b43
SHA512: 19ad4ef09ba7d5bdf590f8a972ff3a9c63c7c6afbe4302519dac9f8f9b08b40a308fe073af1bea7719dd9a2b009b0d23ecb151b5ecdd0fc414a52e328b29c09e
SSDEEP: 49152:tI/V4F0WVGA+uCJWnwVuDt8Kx5fpxIqQ:vdGIpl5hxIl
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
resource: sample, yara_rule: family_blackmoon
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2023-08-26_cc67be85ec55917fb5090e5e795338f1_icedid_JC.exe
Files
2023-08-26_cc67be85ec55917fb5090e5e795338f1_icedid_JC.exe.exe windows:4 windows x86
e11778d57a8675ec19efaeab0ce5476a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
IsBadReadPtr
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
HeapFree
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
CreateFileA
SetFilePointer
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
RaiseException
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
user32
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
advapi32
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
ole32
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize
oleaut32
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayGetLBound
Sections
.text Size: 80KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ