Behavioral task
behavioral1
Sample
2024-06-06_fa26cfd5a2f621c95254e4f5ed6debae_icedid.exe
Resource
win7-20231129-en
General
-
Target
2024-06-06_fa26cfd5a2f621c95254e4f5ed6debae_icedid
-
Size
11.2MB
-
MD5
fa26cfd5a2f621c95254e4f5ed6debae
-
SHA1
10e126aa69021a3de33bd9e1d67bf5258b10bc9a
-
SHA256
3b4948df3b46a9f63d0ee48b73794b1ff6cbfd15531566c671746fe6c9ffd961
-
SHA512
3cb619b0fbd7eeaef79c39c49c34b8d0258100d879394064e5247f1865d517bf17c3d5b08fd63f3a7bef9ab035bac064f4124ade81d0599abcfcf4f6cf446330
-
SSDEEP
196608:2Qbu3rvVtoc6puDkMzbmaYgWF9KV3SDCA7XmZcL+k8zwFs6:r63rvVtocIuDG9rK0DCuSi8zwFs6
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-06_fa26cfd5a2f621c95254e4f5ed6debae_icedid
Files
-
2024-06-06_fa26cfd5a2f621c95254e4f5ed6debae_icedid.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10.0MB - Virtual size: 10.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 120KB - Virtual size: 350KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ