Behavioral task: behavioral1
Sample: 2024-08-20_2203144998e19b84b41b8cc607c00967_icedid.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 2024-08-20_2203144998e19b84b41b8cc607c00967_icedid.exe
Resource: win10v2004-20240802-en
General
- Target: 2024-08-20_2203144998e19b84b41b8cc607c00967_icedid
- Size: 5.0MB
- MD5: 2203144998e19b84b41b8cc607c00967
- SHA1: cebba8b3f463f8b56d0713b2f9e62637b0e13b57
- SHA256: 97f89f1e5f979b3e7abdab9a04ef7067c40f750578c2a7697d9a33e85507da90
- SHA512: d7588ba6a2050633d794827afa6afbb27c7f2800723f85fd43aa55800b3ab60b2d819158be0e550d13854680c77cc13a3070b77efe4cbdf0ba8f1c163ca6a8bd
- SSDEEP: 98304:hYB2qnhD6HBnpg5negdwSfeP6cBMGZ7lo+H3FtoqFZojK:hu3mpg9ASfeP6ceYH3FtoqFOe
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource | yara_rule
  sample | family_blackmoon
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource
  2024-08-20_2203144998e19b84b41b8cc607c00967_icedid
Files
- 2024-08-20_2203144998e19b84b41b8cc607c00967_icedid.exe windows:4 windows x86 arch:x86
  9ebf695409cf7dc1cfed19249157eb85
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenW
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CreateFileA
GetFileSize
CreateDirectoryA
WriteFile
SetFileAttributesA
CopyFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
Sleep
FreeLibrary
LoadLibraryA
LCMapStringA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessW
CreatePipe
FindClose
FindFirstFileW
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
OpenEventA
RtlMoveMemory
GetStringTypeW
GetStringTypeA
lstrcpyn
CreateEventA
GetCommandLineA
GetTickCount
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
RaiseException
VirtualAlloc
IsBadWritePtr
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
user32
WaitForInputIdle
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA
advapi32
RegDeleteValueA
RegQueryValueExW
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
shell32
SHGetSpecialFolderPathW
Sections
- .text Size: 108KB - Virtual size: 105KB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 12KB - Virtual size: 8KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 4.8MB - Virtual size: 4.9MB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 4KB - Virtual size: 980B
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ