blackmoon | 2024-07-23_61499e8d37ba746378f4998cc4480145_icedid | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-23_61499e8d37ba746378f4998cc4480145_icedid
Size

18.9MB
MD5

61499e8d37ba746378f4998cc4480145
SHA1

fb66e317927be0e50558b6a1278c9f3a066cbc84
SHA256

bc2ecc01ff3e99b8e46cf73e4e6c0674c5529d3c361abb33d8b3698f28529d3e
SHA512

debd1ddb642f3ed01d527d4a3da7a6ff129e7a13f57aa018e7d5653842d9363dc9432150f49c459b26c2ecf0e71b686524dff107afc3719d9751f034acb5bfd5
SSDEEP

393216:AQWBfuDq1YNYWpLP62HySulH6NTGbprAvmjpGtLv/H:/mObLPySMH8TGFSmAH

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-23_61499e8d37ba746378f4998cc4480145_icedid

Files

2024-07-23_61499e8d37ba746378f4998cc4480145_icedid
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.evmp1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.evmp3
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.evmp2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.evmp
Size: 860KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE