blackmoon | 2024-05-29_8450ca193cb5a0f21672019c794160f0_cobalt-strike_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-29_8450ca193cb5a0f21672019c794160f0_cobalt-strike_icedid
Size

560KB
MD5

8450ca193cb5a0f21672019c794160f0
SHA1

ac97ef808adc93a50134c08cafe38e7384fb5b70
SHA256

6078ded4a7a9d8c20385e8f9e4e6ee5a8eb3544e4234dd5199fe095ce1d414fc
SHA512

d17434eb148576eee5be7f5ee4ff816d353c3713701167db5b5c60180e931e0e054da12934013412fe35acc8fbf54240cd7bcc819836f24508e98f1a48ff6a35
SSDEEP

6144:OREvevo0fLBlrpF+ek0B7F8zekO+nZd2I4cqUh2q/+KmL/v0o/:jveRfLBlrpEek0B7F8ywZdF40H+Kmr

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-29_8450ca193cb5a0f21672019c794160f0_cobalt-strike_icedid

Files

2024-05-29_8450ca193cb5a0f21672019c794160f0_cobalt-strike_icedid
.exe windows:4 windows x86 arch:x86

77b9a1b33e5c267f6a5bce9d03740948

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
FreeLibrary
GetCommandLineA
GetTempPathA
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileSize
RemoveDirectoryA
SetFilePointer
FindFirstFileA
FindNextFileA
SetCurrentDirectoryA
GetTickCount
GetVersionExA
GlobalLock
GlobalUnlock
GetLocalTime
GetEnvironmentVariableA
GetStartupInfoA
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
DeleteFileA
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetSystemInfo
GetComputerNameA
WaitForSingleObject
QueryPerformanceCounter
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
GlobalAlloc
VirtualFree
GetProcAddress
LoadLibraryA
VirtualAlloc
QueryPerformanceFrequency
SetLastError
GetNativeSystemInfo
GetCurrentProcessId
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
lstrcpyn
Process32Next
Process32First
GetCurrentThreadId
TerminateThread
GetExitCodeThread
SetWaitableTimer
CreateWaitableTimerA
lstrcpynA
GetTempPathW
lstrlenW
Module32First
MoveFileA
QueryDosDeviceW
CloseHandle
TerminateProcess
OpenProcess
SetStdHandle
IsBadCodePtr
GetStringTypeW
Process32NextW
Sleep
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetModuleHandleA
GetCurrentProcess
LocalFree
WideCharToMultiByte
RtlMoveMemory
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
LocalAlloc
HeapDestroy
GetFileType
GetStdHandle
DeleteCriticalSection
lstrlenA
SetSystemPowerState
GetLastError
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcpyA
InterlockedIncrement
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
CreateThread

user32

SetTimer
KillTimer
MapVirtualKeyA
EnableWindow
GetParent
IsWindowEnabled
GetActiveWindow
SetForegroundWindow
ExitWindowsEx
SendMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
GetWindowThreadProcessId
SendInput
SetWindowLongA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
GetSysColorBrush
LoadStringA
DestroyMenu
GetAncestor
GetFocus
GetCursorPos
WindowFromPoint
SetCursorPos
ClientToScreen
DrawIcon
PostMessageW
GetForegroundWindow
PostMessageA
SetActiveWindow
AttachThreadInput
GetIconInfo
GetCursorInfo
ReleaseDC
GetDesktopWindow
MsgWaitForMultipleObjects
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMessageA
wsprintfA
MessageBoxA
GetWindowTextLengthA
ShowWindow
IsWindowVisible
PeekMessageA
GetWindowTextA
GetWindow
FindWindowExA
GetInputState
UnregisterClassA
DispatchMessageA
TranslateMessage
DefWindowProcA
PostQuitMessage
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
CallWindowProcA

advapi32

RegDeleteValueA
OpenServiceA
StartServiceA
QueryServiceStatus
QueryServiceStatusEx
ControlService
DeleteService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CloseServiceHandle
QueryServiceConfigA
QueryServiceConfig2A
ChangeServiceConfig2A
GetServiceDisplayNameA
GetServiceKeyNameA
CreateServiceA
ChangeServiceConfigA
EnumServicesStatusA
EnumServicesStatusExA
EnumDependentServicesA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA
OpenSCManagerA
RegQueryValueExA
RegEnumValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathW

psapi

GetProcessImageFileNameW
GetModuleFileNameExA

shlwapi

PathFindFileNameA
PathIsDirectoryW
PathFileExistsA
PathFindExtensionA

ws2_32

htons
inet_addr
socket
gethostbyname
recv
WSACleanup
closesocket
setsockopt
WSAStartup
send
connect

gdi32

SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDIBSection
DeleteDC
SelectObject
DeleteObject
BitBlt
GdiFlush
GetStockObject
GetObjectA
CreateCompatibleDC
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

77b9a1b33e5c267f6a5bce9d03740948

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

psapi

shlwapi

ws2_32

gdi32

winspool.drv

comctl32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 172KB - Virtual size: 271KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 172KB - Virtual size: 271KB

.rsrc
Size: 16KB - Virtual size: 13KB