blackmoon | 2024-07-06_484b593d36b0cbcff22fb6ab748013fa_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-06_484b593d36b0cbcff22fb6ab748013fa_icedid
Size

8.6MB
MD5

484b593d36b0cbcff22fb6ab748013fa
SHA1

abc5625c6cf703ab1a27fad64a09b35ab1006478
SHA256

1dab271b152ab6bed98769bd6aac094df7b4b7372b596d776f929ce194624d2d
SHA512

0cd4cfdc0110a1f60d3eec8366b4d60c987d6d085d57443e65319071e5f0217dc6c82f1b038cda22e3780c98fcc6977fbac145190d536b21097f4ab7f4169cbb
SSDEEP

196608:Nqm+vCQSWJVHOFI0DiYXDfEa8BNNEfkhWOk7:j+6QSWAHiWD+NjhW

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-06_484b593d36b0cbcff22fb6ab748013fa_icedid

Files

2024-07-06_484b593d36b0cbcff22fb6ab748013fa_icedid
.exe windows:4 windows x86 arch:x86

149d9794f74e526c5560b6303671e4d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetProcAddress
GetModuleHandleExA
lstrcpynA
RtlMoveMemory
GetCurrentProcess
ReadProcessMemory
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
FreeLibrary
LoadLibraryA
LCMapStringA

msvcrt

atoi
_ftol
sprintf
free
malloc
strchr
modf
realloc
??3@YAXPAX@Z
memmove
strncmp
__CxxFrameHandler

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 660KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.u:u
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./"8"
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NqJu
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HYp+
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.`AE
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aNh
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ctfa
Size: 944KB - Virtual size: 944KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0e @
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

149d9794f74e526c5560b6303671e4d4

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 660KB - Virtual size: 658KB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 96KB - Virtual size: 200KB

.rsrc Size: 24KB - Virtual size: 22KB

.u:u Size: 844KB - Virtual size: 844KB

./"8" Size: 252KB - Virtual size: 252KB

.NqJu Size: 696KB - Virtual size: 696KB

.HYp+ Size: 360KB - Virtual size: 360KB

.`AE Size: 704KB - Virtual size: 704KB

.aNh Size: 552KB - Virtual size: 552KB

.ctfa Size: 944KB - Virtual size: 944KB

.0e @ Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 660KB - Virtual size: 658KB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 96KB - Virtual size: 200KB

.rsrc
Size: 24KB - Virtual size: 22KB

.u:u
Size: 844KB - Virtual size: 844KB

./"8"
Size: 252KB - Virtual size: 252KB

.NqJu
Size: 696KB - Virtual size: 696KB

.HYp+
Size: 360KB - Virtual size: 360KB

.`AE
Size: 704KB - Virtual size: 704KB

.aNh
Size: 552KB - Virtual size: 552KB

.ctfa
Size: 944KB - Virtual size: 944KB

.0e @
Size: 1.4MB - Virtual size: 1.4MB