blackmoon | 2024-07-27_54c83ffe2a29a7b302748f170c5bc438_cobalt-strike_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-27_54c83ffe2a29a7b302748f170c5bc438_cobalt-strike_icedid
Size

720KB
MD5

54c83ffe2a29a7b302748f170c5bc438
SHA1

81be4be0729892702a11c7ccd41145850a6ae77a
SHA256

40b890de9debae19a2f0088d4c60c43ff4b0c379d6b46c486ac307db17a384f0
SHA512

e36f88705e63c95b2b9c81256e5c7e9bd600f8a1ddd38859f5d048c91d1baaa33b0dc2270957e095a1e225fb88f5fc8a70d216c9ab4e4836fc4198347904e827
SSDEEP

12288:P+Aw7u7c5o9h4R7E5sRMJ/FotnPqqPX2NC+VkmBSfg:P+Aw7J6/YIJJ/FotCqf2NC+Nw

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-27_54c83ffe2a29a7b302748f170c5bc438_cobalt-strike_icedid

Files

2024-07-27_54c83ffe2a29a7b302748f170c5bc438_cobalt-strike_icedid
.exe windows:4 windows x86 arch:x86

1836d579410564144e3ae611c4d58199

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryA
FreeLibrary
GetModuleFileNameA
GetCommandLineA
MoveFileA
SetFilePointer
DeleteFileA
FindFirstFileA
FindClose
Sleep
GetLocalTime
LCMapStringA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CreateFileA
WriteFile
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetTimeZoneInformation
SetLastError
GetProcessHeap
lstrcatA
lstrcpyA
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
LocalFree
lstrcpynA
LocalAlloc
DeleteCriticalSection
FlushFileBuffers
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
GetSystemTime
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcpyn
GetProcAddress
GetModuleHandleA
RtlMoveMemory
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
CloseHandle
MulDiv
CreateThread

user32

GetMenuItemCount
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetWindow
DestroyWindow
UnhookWindowsHookEx
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SetWindowTextA
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetMenuItemID
ClientToScreen
GetWindowTextA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
SetForegroundWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
UnregisterHotKey
SetCapture
SendMessageA
ScreenToClient
ReleaseCapture
RegisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
CreateWindowExA
GetClassLongA
GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
IsWindow
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
UpdateWindow
ShowWindow
MsgWaitForMultipleObjects
GetWindowThreadProcessId
FindWindowA
CallWindowProcA
UnregisterClassA

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
SetBkColor
SelectObject
CreateFontA
RestoreDC
SaveDC
DeleteDC
CreateBitmap
TranslateCharsetInfo
GetDeviceCaps
DeleteObject

wsock32

socket
htonl
WSAStartup
WSACleanup
WSAGetLastError
setsockopt
getpeername
getsockname
inet_addr
ntohs
recvfrom
sendto
accept
listen
recv
send
closesocket
select
connect
gethostbyname
bind
htons
WSASetLastError
ioctlsocket

urlmon

URLDownloadToFileA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

shlwapi

PathFileExistsA

rasapi32

RasHangUpA
RasGetConnectStatusA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ImageList_DragMove
ImageList_DragLeave
ord17
ImageList_Add
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag

wininet

InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

shell32

DragQueryFileA
DragFinish
SHGetSpecialFolderPathA
DragAcceptFiles

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1836d579410564144e3ae611c4d58199

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wsock32

urlmon

oleaut32

shlwapi

rasapi32

winspool.drv

comctl32

wininet

shell32

advapi32

Sections

.text Size: 400KB - Virtual size: 398KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 280KB - Virtual size: 429KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 400KB - Virtual size: 398KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 280KB - Virtual size: 429KB

.rsrc
Size: 12KB - Virtual size: 8KB