blackmoon | 2024-04-22_7c5cfb1cbe850776e8b1cf1f2617a10b_icedid_xiaobaminer | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_7c5cfb1cbe850776e8b1cf1f2617a10b_icedid_xiaobaminer
Size

822KB
MD5

7c5cfb1cbe850776e8b1cf1f2617a10b
SHA1

980993dbe8f5178898fce64cd2f4f3f63902d7dd
SHA256

8b5d5a72e53d4ce12ba2e7ee79573d4b73d5c8ad25bc178400eaf81d9f2963ce
SHA512

eefdf27e987d640115b67e45c78e9664544f6b7f3e1027eceb4d797bef5f06beb4b14c68ab47e81123f9ad5a09742afe13a808fde8b0ee04d6561b81d0f1c9dc
SSDEEP

24576:7sBygZsKLNm3HkxltQV8/w6TZwxCQ3kt9je:7sYgiAmOHYew6TKAQate

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-22_7c5cfb1cbe850776e8b1cf1f2617a10b_icedid_xiaobaminer

Files

2024-04-22_7c5cfb1cbe850776e8b1cf1f2617a10b_icedid_xiaobaminer
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.htext
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE