blackmoon | 2024-09-18_51c6772b03c84192ba24e01ac6ca06b4_hijackloader_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-18_51c6772b03c84192ba24e01ac6ca06b4_hijackloader_icedid
Size

5.6MB
MD5

51c6772b03c84192ba24e01ac6ca06b4
SHA1

0822bb193bce3889edd6740388991560df2d7671
SHA256

3c608ce5f12dc8981581485fc88828e7fba6fb305b9224ed3f4dc09dc33b2a06
SHA512

ac4838ce6351954dd174929fad36d048557b55f0e16562917f305e47879bf2e390491f1ba8c0780db5fa28b47624083d18caa9079bd0919e6d99a42a566a8f91
SSDEEP

98304:1bblTjGz1L/TXlG4q6p5JBGOWB2QvJBkXykOWE:F5OmupWBvDWE

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-18_51c6772b03c84192ba24e01ac6ca06b4_hijackloader_icedid

Files

2024-09-18_51c6772b03c84192ba24e01ac6ca06b4_hijackloader_icedid
.exe windows:4 windows x86 arch:x86

1daf8cfa25a97283456d076662c21fe6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetLocalTime
SetFileAttributesA
GetEnvironmentVariableA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetFileAttributesA
GetTickCount
GetFileSize
ReadFile
WritePrivateProfileStringA
WriteFile
GetPrivateProfileStringA
FindClose
FindFirstFileA
FindNextFileA
MoveFileA
CopyFileA
CreateDirectoryA
DeleteFileA
GetModuleFileNameA
HeapFree
HeapReAlloc
ExitProcess
GetProcessHeap
HeapDestroy
HeapAlloc
HeapCreate
ReadProcessMemory
lstrcpynA
LCMapStringA
IsBadWritePtr
VirtualAllocEx
RtlMoveMemory
CreateFileA
OpenThread
CreateRemoteThread
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
WaitForSingleObject
CreateProcessA
CloseHandle
CreateThread
IsBadReadPtr
FreeLibrary
Thread32Next
Thread32First
ExitThread
SetThreadContext
OutputDebugStringA
QueryDosDeviceW
OpenProcess
GetCurrentProcess
Process32Next
Process32First
LocalFree
VerLanguageNameW
LocalAlloc
WideCharToMultiByte
lstrlenW
GetLastError
LoadLibraryA
SetWaitableTimer
CreateWaitableTimerA
GetCurrentProcessId
VirtualFree
VirtualAlloc
Module32Next
CreateToolhelp32Snapshot
VirtualProtect
DeviceIoControl
GlobalSize
GlobalMemoryStatusEx
GetLogicalProcessorInformation
GetVersion
GetSystemInfo
SetLastError
UnmapViewOfFile
MapViewOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcpyA
SetFilePointer
GetVersionExA
Sleep
lstrlenA
lstrcatA
LockResource
LoadResource
FindResourceA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
MulDiv
FlushFileBuffers
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
HeapSize
RaiseException
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetComputerNameA
CreateEventA
OpenEventA
CreateFileMappingA
TerminateProcess
OpenFileMappingA
CreateMutexA
MultiByteToWideChar
GetProcAddress
GetModuleHandleA

user32

GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
SetWindowTextA
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
GetSystemMetrics
GetDlgCtrlID
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDC
ReleaseDC
SetPropA
GetPropA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
GetParent
GetWindow
PtInRect
GetWindowLongA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
IsWindow
SendMessageA
GetMessageA
wsprintfA
MessageBoxA
WaitForInputIdle
CallWindowProcA
GetAsyncKeyState
SetTimer
MsgWaitForMultipleObjects
PostMessageA
GetClassNameA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
DispatchMessageA
TranslateMessage
PeekMessageA
GetWindowRect

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
CreatePalette
CreateDIBitmap
SelectObject
DeleteDC
GetNearestPaletteIndex
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
SetBkColor

shlwapi

PathFileExistsA
PathFindFileNameA
PathFindExtensionA
PathIsDirectoryW

ws2_32

closesocket
recv
getsockname
ntohs
WSAAsyncSelect
select
socket
send
WSAStartup
WSACleanup
gethostbyname
connect
inet_addr
htons

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun

psapi

GetProcessImageFileNameW

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1daf8cfa25a97283456d076662c21fe6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

ws2_32

version

advapi32

shell32

ole32

psapi

oledlg

oleaut32

winspool.drv

comctl32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 2.3MB - Virtual size: 2.4MB

.rsrc Size: 4KB - Virtual size: 640B

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 2.3MB - Virtual size: 2.4MB

.rsrc
Size: 4KB - Virtual size: 640B