Behavioral task: behavioral1
Sample: 2024-08-29_2e389df648021e55f5bceca82e638e77_hacktools_icedid.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 2024-08-29_2e389df648021e55f5bceca82e638e77_hacktools_icedid.exe
Resource: win10v2004-20240802-en
General
Target: 2024-08-29_2e389df648021e55f5bceca82e638e77_hacktools_icedid
Size: 13.1MB
MD5: 2e389df648021e55f5bceca82e638e77
SHA1: aeaa881fc16e084ca82db3b029f61f0a916fb074
SHA256: 8a430fd75165327468c588357b6cb45311069f83de8263f7c0f2ec38730fa98d
SHA512: a0dce463f493ac0692d580fd26e9c105caa10ed6e43f05bbdb1b481e911fc889711a9c2c73e0f403c13a2bc008c43f9d31c4955b039fedc11c59682afa335495
SSDEEP: 196608:5UYexjS7z4Q++5Ymi9/xmP7l2zoKI0BTLkKvKPC+corw/q07j/KpYK5NDV:5XQjS7sL19cPmoKjBTLkwXn5e
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
resource  yara_rule  sample  family_blackmoon
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource  2024-08-29_2e389df648021e55f5bceca82e638e77_hacktools_icedid
Files
2024-08-29_2e389df648021e55f5bceca82e638e77_hacktools_icedid.exe windows:4 windows x86 arch:x86
fe515f29193a16b583a45a14d13a7631
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHDeleteKeyA
PathIsDirectoryA
PathFileExistsA
SHDeleteValueA
PathAppendA
winmm
waveOutGetNumDevs
mciSendStringA
waveOutGetDevCapsA
PlaySoundA
ws2_32
sendto
recvfrom
gethostbyname
bind
inet_ntoa
gethostname
closesocket
connect
recv
gethostbyaddr
socket
inet_addr
htons
WSAStartup
send
WSACleanup
ioctlsocket
shutdown
__WSAFDIsSet
select
WSAGetLastError
kernel32
LCMapStringA
FreeLibrary
GetCommandLineA
WritePrivateProfileStringA
SetFilePointer
FindClose
FindFirstFileA
FindNextFileA
SetCurrentDirectoryA
DeleteFileA
CopyFileA
GetLocalTime
Sleep
GetUserDefaultLCID
MoveFileA
WriteFile
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
lstrlenW
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
SuspendThread
TerminateThread
UnhandledExceptionFilter
GetModuleHandleW
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
GetVersion
lstrlenA
DeviceIoControl
GetTimeZoneInformation
GetSystemDefaultLangID
GetLocaleInfoA
GlobalSize
FlushInstructionCache
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
Thread32Next
Thread32First
CreateProcessA
LocalFree
LocalAlloc
IsBadReadPtr
VirtualProtect
LoadLibraryA
VirtualQueryEx
GetCurrentThread
lstrcpyA
SizeofResource
GetCurrentThreadId
TerminateProcess
GetLongPathNameA
Process32Next
Process32First
Module32Next
Module32First
CreateToolhelp32Snapshot
lstrcpynA
SetWaitableTimer
CreateWaitableTimerA
CreateThread
GetTickCount
GetProcAddress
VirtualAlloc
MultiByteToWideChar
WideCharToMultiByte
VirtualFree
GlobalAlloc
GlobalLock
GlobalUnlock
OpenProcess
GetCurrentProcessId
CloseHandle
LockResource
LoadResource
FindResourceA
LoadLibraryExA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
GetVolumeInformationA
GetDriveTypeA
InterlockedExchange
GlobalMemoryStatus
GetTempPathA
GetWindowsDirectoryA
EnumResourceNamesA
GetSystemDirectoryA
CreateDirectoryA
GetProfileStringA
SetLastError
WriteProfileStringA
lstrcatA
WinExec
InterlockedIncrement
InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetStdHandle
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
GetStringTypeW
GetStringTypeA
GetACP
HeapSize
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
GetFileTime
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
MulDiv
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
VerLanguageNameA
GlobalFree
RtlMoveMemory
GetModuleHandleA
GetCurrentProcess
user32
UnregisterClassA
SystemParametersInfoA
LoadCursorW
LoadIconW
RegisterClassExW
DefWindowProcW
MsgWaitForMultipleObjects
CallWindowProcA
GetForegroundWindow
IsWindowVisible
GetWindowThreadProcessId
GetDesktopWindow
GetWindow
GetClassNameA
EnumChildWindows
GetWindowTextA
GetClientRect
IsWindow
PostMessageA
ShowWindow
AttachThreadInput
SetActiveWindow
SetForegroundWindow
SetFocus
GetFocus
SetWindowPos
ClientToScreen
SetCursorPos
FindWindowA
FindWindowExA
GetCursorPos
SendMessageTimeoutA
GetMessageExtraInfo
mouse_event
GetDoubleClickTime
SwapMouseButton
SetParent
GetWindowRect
MoveWindow
RegisterWindowMessageA
CreateWindowExW
SendMessageW
UpdateWindow
GetClassLongA
SetWindowTextA
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
SendMessageA
PostQuitMessage
GetPropW
GetDC
ReleaseCapture
CallWindowProcW
SetCursor
BeginPaint
EndPaint
ReleaseDC
GetWindowLongW
SetWindowLongW
UpdateLayeredWindow
TrackMouseEvent
KillTimer
RemovePropW
IsZoomed
PostMessageW
SetCapture
SetPropW
GetWindowTextW
IsRectEmpty
SetTimer
SetWindowRgn
RedrawWindow
GetIconInfo
CreateCaret
DestroyCaret
GetKeyState
SetCaretPos
GetAsyncKeyState
DefWindowProcA
DefMDIChildProcA
LoadCursorA
SetWindowLongA
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
GetParent
ScreenToClient
PostThreadMessageA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
GetSystemMetrics
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
IsIconic
DestroyIcon
ActivateKeyboardLayout
UnloadKeyboardLayout
GetKeyboardLayoutList
SetClassLongA
SetRect
RemovePropA
GetPropA
SetPropA
MessageBoxA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ValidateRect
InvalidateRect
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetSysColorBrush
DestroyMenu
CharUpperA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetActiveWindow
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
WindowFromPoint
PtInRect
EnumWindows
ChangeDisplaySettingsA
EnumDisplaySettingsA
keybd_event
LoadImageA
VkKeyScanExA
GetKeyboardLayout
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
LoadStringA
EndDialog
CreateDialogIndirectParamA
LoadBitmapA
GetKeyboardState
RegisterClipboardFormatA
gdi32
CombineRgn
ExtCreateRegion
GetObjectA
GetStockObject
GetTextExtentPoint32W
GetDIBits
GetObjectW
StretchBlt
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
Escape
EnumFontFamiliesExA
AddFontResourceA
RemoveFontResourceA
GetDeviceCaps
CreateCompatibleBitmap
CreateDCA
RealizePalette
SelectPalette
CreateBitmap
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
GetNearestPaletteIndex
CreatePalette
CreateDIBitmap
SaveDC
CreateRoundRectRgn
GetPixel
comdlg32
GetFileTitleA
PrintDlgA
GetOpenFileNameA
advapi32
RegCloseKey
InitializeSecurityDescriptor
RegQueryValueExA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegOpenKeyExA
CopySid
GetLengthSid
RegCreateKeyA
RegDeleteKeyA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegGetKeySecurity
AllocateAndInitializeSid
FreeSid
InitializeAcl
AddAce
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegOpenKeyA
RegDeleteValueA
RegEnumValueA
shell32
SHGetPathFromIDListA
DragAcceptFiles
DragFinish
DragQueryFileA
SHChangeNotify
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHEmptyRecycleBinA
comctl32
ImageList_GetIcon
ImageList_GetIconSize
ord17
ole32
CoInitialize
CoUninitialize
CoCreateGuid
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
CLSIDFromString
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleRun
CoCreateInstance
CLSIDFromProgID
OleFlushClipboard
gdiplus
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipDrawPath
GdipDeletePath
GdipCreatePath
GdipAddPathArc
GdipClosePathFigure
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromHICON
GdipSetInterpolationMode
GdipCloneBitmapArea
GdipCreateSolidFill
GdipImageSelectActiveFrame
GdipDeleteStringFormat
GdipMeasureString
GdipGetFontHeight
GdipGetFontSize
GdipDeleteBrush
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipBitmapGetPixel
GdipDrawString
GdipSetCompositingQuality
GdipSetClipPath
GdipFillPath
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipGetImagePixelFormat
GdipCombineRegionRect
GdipCreateMatrix
GdipGetRegionScansCount
GdipGetRegionScans
GdipDeleteMatrix
GdipFillPolygon
GdipFillRectangle
GdipCreateLineBrushFromRect
GdipCreateRegionHrgn
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipDeleteRegion
GdipResetClip
GdipDisposeImageAttributes
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetVisibleClipBounds
GdipSetClipRect
GdipSetClipRegion
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipCreateFromHDC
GdipGraphicsClear
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageRect
GdipDrawPolygon
GdipCreateStringFormat
GdipGetStringFormatTrimming
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatFlags
GdipCreateLineBrush
GdipGetDC
GdipReleaseDC
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipGetFamilyName
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdiplusStartup
GdipGetFontStyle
atl
ord10
ord47
ord42
ord11
imagehlp
CheckSumMappedFile
crypt32
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CryptMsgClose
imm32
ImmGetContext
ImmAssociateContext
ImmGetCompositionStringA
ImmReleaseContext
ImmInstallIMEA
ImmGetDescriptionA
ImmIsIME
ImmLockIMC
ImmUnlockIMC
ImmGetIMEFileNameA
iphlpapi
SendARP
GetAdaptersInfo
oledlg
ord8
oleaut32
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetDim
VariantInit
VariantChangeType
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
mpr
WNetAddConnection2A
WNetOpenEnumA
WNetCancelConnection2A
WNetCloseEnum
WNetEnumResourceA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
winspool.drv
OpenPrinterA
EnumPrintersA
DocumentPropertiesA
SetPrinterA
ClosePrinter
GetPrinterA
wininet
InternetOpenUrlA
InternetCloseHandle
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
InternetGetConnectedState
InternetOpenA
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10.0MB - Virtual size: 10.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE