blackmoon | 2024-04-16_bc39061de60c88d5511d6f8df4c69a54_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_bc39061de60c88d5511d6f8df4c69a54_icedid
Size

1.1MB
MD5

bc39061de60c88d5511d6f8df4c69a54
SHA1

37ead011e23cf9e83e9351fef11cebd37228e013
SHA256

e6c137d95ebc48d989850c93b1aad805f0bff1763fd3dab0034b8d78fd24a7bc
SHA512

5dd16dbc428d3cc0fea55126a6bdc3e783ff7679375f2b6a6daae143b08817d442544e8c2013b181e8e2217c3136797a586c114be390597200bbbe0048f3f2f1
SSDEEP

24576:l1AIbPBMM0ScTeEJmj6vo0e1aWFtKZ0etgRUNdfjnMogRUNdfjujpr:lS04eQocZl3rMoru1r

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_bc39061de60c88d5511d6f8df4c69a54_icedid

Files

2024-04-16_bc39061de60c88d5511d6f8df4c69a54_icedid
.exe windows:4 windows x86 arch:x86

40cd80de610a1dd82dca148c6ee4be4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
GetFileAttributesA
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetACP
TerminateProcess
HeapSize
RaiseException
RtlUnwind
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
CreateToolhelp32Snapshot
Module32Next
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateFileA
Process32First
Process32Next
VirtualAlloc
VirtualFree
GetCurrentProcessId
OpenFileMappingA
CreateFileMappingA
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetStartupInfoA
CreateProcessA
WaitForSingleObject
SetFileAttributesA
DeleteFileA
GetStdHandle
WriteFile
FindClose
FindFirstFileA
FindNextFileA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetModuleHandleA
WideCharToMultiByte
lstrlenW
GetTickCount
Sleep
CloseHandle
CreateEventA
OpenEventA
CreateMutexA
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
FreeEnvironmentStringsW
VirtualProtect
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetCurrentThreadId
LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers

user32

GetWindowTextW
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
CreateWindowStationA
GetAsyncKeyState
wvsprintfA
mouse_event
FindWindowExA
GetParent
IsWindowVisible
GetClassLongA
PeekMessageA
OpenClipboard
EmptyClipboard
CloseClipboard
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
wsprintfA
MessageBoxA
GetWindowInfo
EnableWindow
IsWindowEnabled
GetForegroundWindow
SetForegroundWindow
SetWindowsHookExA
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
CreateWindowExA
GetDlgCtrlID
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
PtInRect
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetWindowTextLengthW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

WSAStartup
closesocket
socket
htons
inet_addr
connect
gethostbyname
send
recv
getsockname
ntohs
WSAAsyncSelect
select
WSACleanup

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
GetObjectA
Escape

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 764KB - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40cd80de610a1dd82dca148c6ee4be4f

Headers

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

gdi32

winspool.drv

comctl32

Sections

.text Size: 336KB - Virtual size: 333KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 764KB - Virtual size: 850KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 336KB - Virtual size: 333KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 764KB - Virtual size: 850KB

.rsrc
Size: 4KB - Virtual size: 664B