blackmoon | 2024-09-18_dc93a409b2ba87e136d8a0bf796c0188_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-18_dc93a409b2ba87e136d8a0bf796c0188_icedid
Size

13.2MB
MD5

dc93a409b2ba87e136d8a0bf796c0188
SHA1

7dd1e9189dd780330b0f3f4f1783be28a36f7faa
SHA256

b6d3713495ce0e0e99d3b1d3f9666124966a170dbab7d86101cf3a1ca83ec70d
SHA512

d463970719e7f743e4ab3d10f57ff82e60515b675f522d9cb90f9069f14cbfa06f92f074efdf4b648f7def6199cf1de0eb334a6e6f85bc7f65194e6fa42bf0c7
SSDEEP

393216:dt4hCUH4PmsXMU9FeRrmmc4PxmE2/zvcNMsak:dSAUci4FmTxAb6Msa

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-18_dc93a409b2ba87e136d8a0bf796c0188_icedid

Files

2024-09-18_dc93a409b2ba87e136d8a0bf796c0188_icedid
.exe windows:4 windows x86 arch:x86

b12d21dd71d5ac9ef4423b870718d9bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalLock
GlobalReAlloc
GlobalAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
TlsAlloc
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
HeapSize
TerminateProcess
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
InitializeCriticalSection
LocalFree
LocalAlloc
GetLastError
GetCurrentThreadId
lstrcpynA
SetErrorMode
lstrcpyA
lstrcatA
MulDiv
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
MoveFileA
CopyFileA
DeleteFileA
CreateFileA
WriteFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CloseHandle
GetModuleFileNameA
WritePrivateProfileStringA
GetTickCount
GetPrivateProfileStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetModuleHandleA
InterlockedIncrement

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
MapWindowPoints
PostMessageA
LoadIconA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetClassNameA
PtInRect
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetMenuItemID
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetTopWindow
GetCapture
GetSubMenu
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
LoadStringA
UnhookWindowsHookEx
GetKeyState
CallNextHookEx
SetWindowsHookExA
UnregisterHotKey
SetCapture
ReleaseCapture
RegisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
CreateWindowExA
CallWindowProcA
SetForegroundWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
GetMenuItemCount
GetDlgCtrlID
PeekMessageA
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
wsprintfA
MessageBoxA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
StartServiceA
CreateServiceA
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA

gdi32

SetBkColor
DeleteDC
SetTextColor
GetClipBox
CreateBitmap
TranslateCharsetInfo
GetDeviceCaps
DeleteObject
CreateFontA
GetObjectA
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SaveDC
RestoreDC
SelectObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

shlwapi

PathFileExistsA

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA

comctl32

ImageList_EndDrag
ord17
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_Add
ImageList_DragShowNolock

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b12d21dd71d5ac9ef4423b870718d9bf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

winspool.drv

shlwapi

shell32

comctl32

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 13.1MB - Virtual size: 13.1MB

.rsrc Size: 4KB - Virtual size: 848B

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 13.1MB - Virtual size: 13.1MB

.rsrc
Size: 4KB - Virtual size: 848B