Behavioral task: behavioral1
Sample: 2024-09-14_e98980c29196b21e687b39079d063801_gazer_hacktools_icedid.exe
Resource: win7-20240903-en
General
Target: 2024-09-14_e98980c29196b21e687b39079d063801_gazer_hacktools_icedid
Size: 14.4MB
MD5: e98980c29196b21e687b39079d063801
SHA1: 7681eb48602005c5ac94436e45ac67eb67bb60b1
SHA256: 7d311da70ecc5331df000a530baa350880006dd2eb522b1542ba0fc606e5193a
SHA512: 93e8dcd230cfe941ed304676b3c2eb1c6ea5f64970a4eedf78003c2ae8e58f0c049069dd2fb81c9638eb601e37e42ce920822eb97912684c699664ae09f06d38
SSDEEP: 196608:OmWFQBEaDpuCFzpvBPQfsYds3a8n8F5g12gqGKvmaPxoLSoJVGFE:DWFkzPQU4GCJGKOa5oLSo2
Malware Config
No extracted configuration is listed for this sample.
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: sample; yara_rule: family_blackmoon
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2024-09-14_e98980c29196b21e687b39079d063801_gazer_hacktools_icedid
The labels embedded in the file name (gazer, hacktools, icedid) are part of the submitted name, not sandbox findings; the only family attribution in this report is the Blackmoon YARA match on the sample. The Unsigned PE hit records that no Authenticode signature is present at all, not that a present signature failed verification.
Files
- 2024-09-14_e98980c29196b21e687b39079d063801_gazer_hacktools_icedid.exe (windows:4, windows, x86, arch:x86)
  0c84cfb31481749b3167a87dded36c8f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
With base relocations stripped the image can only be mapped at its preferred ImageBase, so ASLR cannot rebase it; every code and data address seen in the static file is the address it will have during the run, which makes dumps from the sandbox directly comparable with the on-disk layout.
Imports
msvfw32
DrawDibDraw
avifil32
AVIStreamInfoA
AVIStreamGetFrame
iphlpapi
GetAdaptersInfo
shlwapi
PathFindFileNameA
StrToIntW
StrStrW
StrToIntExW
StrStrA
StrTrimW
StrStrIW
StrRStrIW
StrCmpNA
winmm
midiStreamOut
midiOutPrepareHeader
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
midiStreamProperty
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
PlaySoundA
ws2_32
gethostname
inet_addr
gethostbyname
recv
send
connect
setsockopt
inet_ntoa
WSAStartup
WSACleanup
closesocket
accept
__WSAFDIsSet
ntohs
getsockname
select
WSAAsyncSelect
htons
bind
htonl
socket
sendto
recvfrom
ioctlsocket
listen
WSASocketA
getpeername
kernel32
GetLastError
GetFullPathNameA
GetUserDefaultLCID
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrcatA
ExitProcess
GetModuleFileNameA
WritePrivateProfileStringA
LockResource
LoadResource
FindResourceA
WaitForMultipleObjects
GetProfileStringA
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
SetSystemPowerState
LoadLibraryExA
Beep
GlobalMemoryStatus
SetLastError
GetTimeZoneInformation
GetVersion
GetCurrentThread
DuplicateHandle
GetSystemTime
GetTempFileNameA
LocalFree
FormatMessageA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LocalAlloc
GlobalHandle
TlsFree
LocalReAlloc
GetFileTime
GlobalFlags
GetProfileIntA
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadCodePtr
GetPrivateProfileStringA
OutputDebugStringA
ExpandEnvironmentStringsA
FindFirstFileA
FindClose
SetFileAttributesA
GetVersionExA
MoveFileA
DeleteFileA
CopyFileA
CreateDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
MulDiv
SetLocalTime
GetCommandLineA
GetSystemInfo
PulseEvent
OpenEventA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
ChangeTimerQueueTimer
CreateTimerQueue
HeapReAlloc
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteFile
lstrcmpiA
GetFileSize
CreateFileW
lstrcmpiW
HeapDestroy
HeapCreate
lstrcmpW
RtlZeroMemory
lstrcmpA
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
VirtualFree
GetModuleHandleW
GetWindowsDirectoryA
GetSystemDirectoryA
FreeLibrary
SetEvent
ReleaseMutex
CreateMutexA
GetLogicalDriveStringsA
ReadDirectoryChangesW
GetComputerNameA
GetDiskFreeSpaceExA
InterlockedExchange
GetShortPathNameA
TlsAlloc
ResetEvent
CreateEventA
SetEnvironmentVariableA
lstrcpyn
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessTimes
Module32Next
SetWaitableTimer
CreateWaitableTimerA
SetFilePointer
ReadFile
GetFileSizeEx
InterlockedCompareExchange
GetCurrentProcessId
GetExitCodeThread
WriteProcessMemory
VirtualProtectEx
GetProcAddress
VirtualFreeEx
CreateRemoteThread
VirtualAllocEx
CreateFileA
CreateProcessA
InterlockedDecrement
IsBadWritePtr
InterlockedExchangeAdd
LoadLibraryA
GetTempPathA
GetModuleHandleA
GlobalFree
GetCurrentThreadId
GlobalAlloc
InterlockedIncrement
VirtualQueryEx
GetCurrentProcess
lstrcpynA
ReadProcessMemory
IsBadReadPtr
TlsGetValue
TlsSetValue
Sleep
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GlobalUnlock
GlobalSize
GlobalLock
CreateThread
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
WaitForSingleObject
LocalSize
CloseHandle
GetTimeFormatA
GetDateFormatA
GetLocalTime
VirtualAlloc
lstrlenW
GetTickCount
WideCharToMultiByte
HeapAlloc
MultiByteToWideChar
HeapFree
GetProcessHeap
RtlMoveMemory
lstrlenA
GetFileAttributesA
RemoveDirectoryA
user32
CharUpperA
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
GetClassLongA
RegisterClassA
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
GetMenuCheckMarkDimensions
wvsprintfA
CharNextA
SetWindowContextHelpId
MapDialogRect
GetSysColorBrush
GetNextDlgGroupItem
GetDesktopWindow
CreateIconIndirect
GetIconInfo
CopyIcon
LoadStringA
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowTextA
GetClassNameA
ExitWindowsEx
DrawStateA
FrameRect
GetNextDlgTabItem
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
ModifyMenuA
CreateAcceleratorTableA
GetDlgCtrlID
EnableMenuItem
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
GetClassInfoA
DeleteMenu
DestroyAcceleratorTable
GetMessagePos
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
GetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
PtInRect
OffsetRect
RedrawWindow
SetActiveWindow
SetCursorPos
InvertRect
IsRectEmpty
IsChild
EqualRect
LockWindowUpdate
GetTopWindow
MessageBeep
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuStringW
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
GetWindowTextLengthA
InsertMenuW
GetMenuItemCount
AppendMenuW
LoadMenuW
GetSystemMenu
CreateMenu
CharLowerW
CharUpperW
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
PostQuitMessage
DestroyIcon
SetClassLongW
GetClassLongW
SetRect
DestroyCursor
RemovePropW
GetPropW
SetPropW
MessageBoxW
EnableWindow
IsWindowEnabled
PostMessageW
ValidateRect
GetDlgItem
SendMessageW
TrackMouseEvent
SetCursor
LoadCursorW
DefMDIChildProcW
GetAsyncKeyState
SetTimer
KillTimer
ReleaseDC
GetDC
DefWindowProcW
FillRect
RegisterClassExW
LoadCursorA
DestroyWindow
GetWindow
ShowWindow
BringWindowToTop
CreateWindowExW
UpdateWindow
InvalidateRect
SetWindowRgn
SetWindowTextW
RemovePropA
MoveWindow
SetParent
DefWindowProcA
ScreenToClient
ReleaseCapture
SetCapture
SetFocus
GetFocus
EndPaint
IntersectRect
BeginPaint
CallWindowProcW
AppendMenuA
DestroyMenu
TrackPopupMenu
CreatePopupMenu
GetCursorPos
SetWindowTextA
SetWindowLongW
GetWindowLongW
SendMessageTimeoutW
CallWindowProcA
SetPropA
GetPropA
EnumWindows
GetWindowLongA
CallNextHookEx
DispatchMessageW
TranslateMessage
SetWindowsHookExW
SetWindowLongA
GetScrollPos
GetActiveWindow
GetForegroundWindow
ClientToScreen
MessageBoxA
PostThreadMessageA
MsgWaitForMultipleObjects
WaitForInputIdle
IsClipboardFormatAvailable
PeekMessageA
SetWindowPos
MapVirtualKeyA
GetGUIThreadInfo
SetKeyboardState
GetKeyboardState
AttachThreadInput
PostMessageA
SendMessageA
GetClientRect
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClipboardFormatA
GetClipboardData
GetClipboardFormatNameA
EnumClipboardFormats
OpenClipboard
OpenIcon
GetAncestor
GetWindowRect
GetWindowTextW
GetWindowTextLengthW
GetClassNameW
GetParent
GetWindowThreadProcessId
IsWindowVisible
FindWindowExA
SetForegroundWindow
ShowWindowAsync
IsWindow
DrawTextW
GetDoubleClickTime
ClipCursor
GetMenuStringA
GetTabbedTextExtentA
GrayStringA
TabbedTextOutA
WindowFromDC
EnumChildWindows
GetWindowDC
DrawTextA
GetCursor
CreateWindowExA
SetMenuInfo
GetClassInfoExW
UnregisterClassA
gdi32
GetPixel
StartPage
StartDocA
EndDoc
EndPage
CreateFontIndirectA
PatBlt
CreatePen
CreateBitmap
CreateBrushIndirect
FillRgn
CreateDCA
GetPolyFillMode
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
Escape
AbortDoc
SetBrushOrgEx
MoveToEx
GetTextMetricsW
SetBitmapBits
TranslateCharsetInfo
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
SetPixelV
Ellipse
ExtSelectClipRgn
GetViewportExtEx
GetMapMode
CopyMetaFileA
CreateFontA
GetBitmapBits
SetDIBitsToDevice
TextOutA
CreateRectRgnIndirect
SetPixel
GetClipRgn
CreatePolygonRgn
SelectClipRgn
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
GetTextColor
LineTo
GetTextExtentPoint32A
GetDeviceCaps
CreatePatternBrush
SetBkMode
SetTextColor
ExtCreateRegion
CreateDIBSection
GetObjectA
CreateSolidBrush
ExtTextOutA
SetBkColor
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRectRgn
GetStockObject
DeleteDC
GetTextMetricsA
OffsetRgn
FrameRgn
Rectangle
SelectObject
LPtoDP
DPtoLP
GetCurrentObject
DeleteObject
RoundRect
CreateRoundRectRgn
GetTextExtentPoint32W
BitBlt
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
msimg32
GradientFill
AlphaBlend
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comdlg32
ChooseColorA
GetFileTitleA
PrintDlgA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
advapi32
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyA
CreateProcessAsUserA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
shell32
DragFinish
DragQueryFileA
DragQueryFileW
Shell_NotifyIconW
StrRStrW
ShellExecuteA
Shell_NotifyIconA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
DragAcceptFiles
ShellExecuteEx
ole32
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleDuplicateData
CoRegisterMessageFilter
CoLockObjectExternal
DoDragDrop
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoTaskMemFree
ReleaseStgMedium
CLSIDFromProgID
OleInitialize
OleUninitialize
CoCreateInstance
OleRun
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString
RevokeDragDrop
StringFromGUID2
CoUninitialize
CoInitialize
CoRevokeClassObject
CoTaskMemAlloc
oleaut32
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SafeArrayDestroy
SafeArrayCreate
OleCreatePictureIndirect
SafeArrayPutElement
UnRegisterTypeLib
SysFreeString
SafeArrayGetElemsize
SysAllocStringByteLen
VarDateFromStr
SysAllocStringLen
SysStringLen
RegisterTypeLib
LHashValOfNameSys
OleCreateFontIndirect
LoadTypeLib
imagehlp
MakeSureDirectoryPathExists
atl
ord42
comctl32
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
InitCommonControlsEx
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_Write
ImageList_Read
ord17
ImageList_EndDrag
wininet
InternetTimeFromSystemTime
oledlg
ord8
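As an added example, not part of the sandbox report, here is the import-name triage an analyst does by eye over a list this long, written down in Python: APIs that only mean something in combination (the OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread quartet, OpenProcessToken / LookupPrivilegeValueA / AdjustTokenPrivileges, bind / listen / accept) are grouped into capabilities. The input dict is a subset of the import table shown above, transcribed as sample data; the capability groupings are this example's own assumptions, not a sandbox or vendor taxonomy. Two caveats the code cannot remove: a static import only proves the capability is linked in, not that the code path ever runs (most of the user32, gdi32, ole32 and comdlg32 entries above are ordinary MFC framework baggage), and a binary that also imports LoadLibraryA and GetProcAddress can resolve further APIs at runtime that never appear in this table.

```python
# Import-name heuristics. "all" means every API in the set must be present,
# "any" means one is enough. Assumed groupings for this example only.
CAPABILITY_RULES = {
    "remote-thread injection": ("all", {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}),
    "token privilege adjustment": ("all", {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"}),
    "process enumeration": ("all", {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"}),
    "dynamic API resolution": ("all", {"LoadLibraryA", "GetProcAddress"}),
    "input hooking / keystroke capture": ("any", {"SetWindowsHookExA", "SetWindowsHookExW", "GetAsyncKeyState", "GetKeyboardState"}),
    "clipboard read": ("all", {"OpenClipboard", "GetClipboardData"}),
    "outbound TCP client": ("all", {"WSAStartup", "socket", "connect", "send", "recv"}),
    "listening TCP server": ("all", {"bind", "listen", "accept"}),
    "host fingerprinting": ("any", {"GetAdaptersInfo", "GetComputerNameA", "GetVolumeInformationA", "GlobalMemoryStatus"}),
    "process launch": ("any", {"WinExec", "CreateProcessA", "CreateProcessAsUserA", "ShellExecuteA"}),
    "shutdown / reboot / sleep": ("any", {"ExitWindowsEx", "SetSystemPowerState"}),
    "CryptoAPI hashing": ("all", {"CryptAcquireContextA", "CryptCreateHash", "CryptHashData", "CryptGetHashParam"}),
    "directory change monitoring": ("any", {"ReadDirectoryChangesW"}),
    "registry write surface": ("all", {"RegCreateKeyExA", "RegSetValueExA"}),
}

# Subset of the import table in this report, transcribed as constructed sample input.
SAMPLE_IMPORTS = {
    "iphlpapi": ["GetAdaptersInfo"],
    "ws2_32": ["gethostname", "inet_addr", "gethostbyname", "recv", "send", "connect", "setsockopt",
               "WSAStartup", "closesocket", "accept", "select", "bind", "socket", "listen"],
    "kernel32": ["WinExec", "SetSystemPowerState", "GlobalMemoryStatus", "ReadDirectoryChangesW",
                 "GetComputerNameA", "GetVolumeInformationA", "WriteProcessMemory", "VirtualProtectEx",
                 "GetProcAddress", "CreateRemoteThread", "VirtualAllocEx", "CreateProcessA", "LoadLibraryA",
                 "ReadProcessMemory", "OpenProcess", "Process32Next", "Process32First",
                 "CreateToolhelp32Snapshot", "TerminateProcess"],
    "user32": ["SetWindowsHookExA", "SetWindowsHookExW", "ExitWindowsEx", "GetAsyncKeyState",
               "GetKeyboardState", "AttachThreadInput", "OpenClipboard", "GetClipboardData"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges", "RegCreateKeyExA",
                 "RegSetValueExA", "CreateProcessAsUserA", "CryptAcquireContextA", "CryptCreateHash",
                 "CryptHashData", "CryptGetHashParam"],
    "shell32": ["ShellExecuteA"],
}


def classify_imports(imports):
    """Map {dll: [api, ...]} to {capability: sorted list of the APIs that matched}."""
    present = {name for names in imports.values() for name in names}
    hits = {}
    for capability, (mode, apis) in CAPABILITY_RULES.items():
        matched = apis & present
        if (mode == "all" and matched == apis) or (mode == "any" and matched):
            hits[capability] = sorted(matched)
    return hits


def import_surface(imports):
    """Imports per DLL; a profile dominated by user32/gdi32/ole32 is a GUI framework, not a capability."""
    return {dll: len(names) for dll, names in imports.items()}


if __name__ == "__main__":
    for capability, apis in classify_imports(SAMPLE_IMPORTS).items():
        print(f"{capability:<36} {', '.join(apis)}")
    print(import_surface(SAMPLE_IMPORTS))
```

To run it over a real import table, fill the dict from pefile (`pe.DIRECTORY_ENTRY_IMPORT`) or from the sandbox JSON; the rules deliberately list ANSI and wide names separately rather than stripping the A/W suffix, because names like Beep or GetACP would otherwise be mangled.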
Sections
Name     Raw size  Virtual size  Characteristics
.text    5.2MB     5.2MB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata   8.6MB     8.6MB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data    156KB     564KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    52KB      52KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.sedata  336KB     336KB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.idata   16KB      16KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Three things stand out. .sedata is the only section that is both writable and executable, the combination a protector or unpacking stub needs to patch code in place, and the name matches the section naming used by the Safengine Shielden protector; it is the section to break on or dump after it has run. .rdata holds 8.6MB of the 14.4MB file as read-only initialized data, so it (with .rsrc) is the first region to carve when following up the Blackmoon YARA hit. The .data gap between raw and virtual size is zero-filled by the loader and is normal, as is a writable .idata on binaries from this linker generation, where the loader patches the import address table in place.