Behavioral task: behavioral1
Sample: 2024-10-10_95aefc9b95fff812cafac96de8502d51_icedid.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 2024-10-10_95aefc9b95fff812cafac96de8502d51_icedid.exe
Resource: win10v2004-20241007-en
General
Target: 2024-10-10_95aefc9b95fff812cafac96de8502d51_icedid
Size: 2.9MB
MD5: 95aefc9b95fff812cafac96de8502d51
SHA1: 2979b1d4df5b5f25333621e924240502cf606ac0
SHA256: f7bf980d326a4eba18f61f0f4a507f54d985ae54aa3031e3865643c72719c792
SHA512: cb66254d8d8bde5af0db7bdb83cfe6a67a0cc92d4e2bb3940df419586000a21c9dc5b88c9ef0cf7387b24cc650d8793eb003d2ea2176a1de5c2b65d87db00977
SSDEEP: 49152:3p1ozlJg/KKL5EJQxVlR7X8DChwQiVBf+SwT:51oxJ3KLGJaV/7+4l
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource | yara_rule
  sample | family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 2024-10-10_95aefc9b95fff812cafac96de8502d51_icedid
Files
2024-10-10_95aefc9b95fff812cafac96de8502d51_icedid.exe (windows:4, windows, x86, arch:x86)
0a0905d545da69bfa12ec7ee41d478fb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapFree
CreateWaitableTimerW
SetWaitableTimer
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
LoadLibraryA
FreeLibrary
GetCommandLineA
SetLocalTime
GetLocalTime
LCMapStringA
GetEnvironmentVariableA
DeleteFileA
Sleep
WriteFile
CreateFileA
GetFileSize
ReadFile
GetTickCount
GetModuleFileNameA
FormatMessageA
GetUserDefaultLCID
HeapReAlloc
ExitProcess
GetModuleHandleA
GetSystemInfo
CreateMutexA
GetCurrentProcessId
CreateEventA
lstrcpynA
QueryDosDeviceA
GetLogicalDriveStringsA
lstrcpyn
GetSystemDirectoryA
GetTempPathW
HeapCreate
RtlZeroMemory
HeapDestroy
HeapAlloc
ReleaseMutex
InterlockedExchange
SetStdHandle
GetStringTypeW
LocalSize
GlobalSize
RtlMoveMemory
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetNativeSystemInfo
GetProcessHeap
TerminateProcess
OpenProcess
GetCurrentProcess
CreateWaitableTimerA
CreateProcessA
lstrlenW
IsBadReadPtr
MultiByteToWideChar
LocalFree
LocalAlloc
IsDebuggerPresent
IsBadCodePtr
GetProcAddress
VirtualFree
CloseHandle
GetStringTypeA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
GetVersionExA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
ExitThread
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
SetErrorMode
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
MulDiv
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
lstrlenA
GlobalDeleteAtom
lstrcmpA
VirtualAlloc
user32
GetTopWindow
GetCapture
CreateWindowExW
SendMessageW
SystemParametersInfoA
GetClassNameW
CreateIconFromResourceEx
CopyImage
MsgWaitForMultipleObjects
WinHelpA
EnumWindows
GetWindowThreadProcessId
GetWindowTextLengthW
GetClassInfoA
RegisterClassA
DestroyWindow
CreateWindowExA
GetWindowTextW
GetClassNameA
GetWindowInfo
FindWindowExA
SetWindowTextA
IsWindow
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
LookupIconIdFromDirectoryEx
RegisterClassExW
DefWindowProcW
SetCursor
SendMessageA
KillTimer
GetAsyncKeyState
IntersectRect
InvalidateRect
UpdateLayeredWindow
ReleaseCapture
PostMessageW
IsZoomed
IsIconic
GetPropA
LoadCursorFromFileW
SetTimer
PtInRect
ReleaseDC
SetCaretPos
GetCursorPos
GetWindowRect
MessageBoxTimeoutW
MapVirtualKeyA
AttachThreadInput
SetKeyboardState
SendInput
SetWinEventHook
SetWindowPos
UnhookWinEvent
GetDC
FillRect
GetCursorInfo
DrawIcon
GetWindowDC
EnumDisplaySettingsA
WindowFromDC
ShowWindow
IsWindowEnabled
EnableMenuItem
RedrawWindow
GetAncestor
GetMenuBarInfo
WindowFromPoint
SetActiveWindow
SwitchToThisWindow
GetDlgItem
ChildWindowFromPointEx
DrawIconEx
EnableWindow
GetLastActivePopup
GetScrollInfo
GetMenu
GetSubMenu
GetMenuItemID
GetMenuStringA
MoveWindow
CallWindowProcW
TrackMouseEvent
BeginPaint
EndPaint
SetCapture
OpenIcon
GetSystemMetrics
PostMessageA
SetForegroundWindow
GetFocus
SetFocus
SetWindowLongW
SetPropA
GetClassLongW
EndDialog
CreateDialogIndirectParamA
DestroyMenu
PostThreadMessageA
UnregisterClassA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
MessageBeep
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
RemovePropA
SetWindowRgn
GetParent
SetWindowLongA
CallWindowProcA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostQuitMessage
GetWindowLongA
IsWindowVisible
ValidateRect
GetKeyState
GetActiveWindow
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetDlgCtrlID
GetWindow
ClientToScreen
GetWindowTextA
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetClassLongA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
winmm
PlaySoundA
gdi32
GetObjectA
GetPixel
CreateRectRgn
Rectangle
StretchBlt
GetCurrentObject
CreateBitmap
GetTextExtentPoint32A
GetStockObject
CreateDIBitmap
GetDIBits
CreateSolidBrush
CreateRoundRectRgn
GetDeviceCaps
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
SetWindowExtEx
Escape
TextOutA
ExtTextOutA
advapi32
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
gdiplus
GdipSetClipRect
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipResetClip
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateStringFormat
GdipSetStringFormatHotkeyPrefix
GdipDeleteStringFormat
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDeleteBrush
GdipGetFontHeight
GdipMeasureString
GdipCreateSolidFill
GdipDrawString
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetStringFormatAlign
GdipGetStringFormatTrimming
GdipGetStringFormatFlags
GdipSetClipRegion
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetStringFormatMeasurableCharacterRanges
GdipGetImageWidth
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeleteRegion
GdipCreateRegionHrgn
GdipDrawPath
GdipDeletePath
GdipCreatePath
GdipAddPathArc
GdipClosePathFigure
GdipFillPath
GdipCreateLineBrush
GdipCreateBitmapFromScan0
GdipFillPolygon
GdipDrawPolygon
GdipCreatePathGradientFromPath
GdipCreateBitmapFromStream
GdipGetCompositingQuality
GdipCreateHBITMAPFromBitmap
GdipSetWorldTransform
GdipDrawRectangleI
GdiplusShutdown
GdipSetSolidFillColor
GdipGetSolidFillColor
GdipCloneBitmapArea
GdipGetImagePixelFormat
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipDrawImageRectRect
GdipDrawImageRect
GdipGraphicsClear
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageRawFormat
GdipCreateBitmapFromStreamICM
GdipGetFamilyName
GdipGetFontSize
GdipGetFontStyle
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdiplusStartup
GdipCreateImageAttributes
GdipDeleteGraphics
GdipDisposeImage
GdipCreateRegion
GdipGetImageGraphicsContext
GdipCreatePen2
ole32
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
StringFromGUID2
GetHGlobalFromStream
OleRun
CLSIDFromProgID
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CLSIDFromString
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoRevokeClassObject
oleaut32
OleLoadPicture
SysFreeString
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
winhttp
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
wininet
HttpEndRequestA
HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
HttpSendRequestExA
InternetWriteFile
InternetReadFile
imm32
ImmAssociateContext
ImmGetContext
shell32
SHAppBarMessage
SHGetSpecialFolderPathW
ShellExecuteA
Shell_NotifyIconW
shlwapi
PathFindExtensionA
PathFindFileNameA
PathIsDirectoryW
PathFileExistsA
msimg32
TransparentBlt
AlphaBlend
ws2_32
WSACleanup
oledlg
ord8
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comctl32
ord17
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 596B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ