icedid | 2024-04-28_f20db33bd9cc34430fc0ad1da2dd26e8_icedid | Triage

Sharing

General

Target

2024-04-28_f20db33bd9cc34430fc0ad1da2dd26e8_icedid
Size

8KB
MD5

f20db33bd9cc34430fc0ad1da2dd26e8
SHA1

b4d95ca3758950790747da1055d2c1c2088d885c
SHA256

01f8838b2960daf57473b5515501cf3ac7e6c0f53704362a494bc7dfcf1f6e97
SHA512

31e432cd00fe11089298bb8900f466a7d049b46d6ebd9efe6ec33986d79bc93f6779938b16ba670e16b786123a53bed6800dde78e06a35e11dff14c474934f30
SSDEEP

192:/pqmDLwj6c87yzUhKs6TCbPpEV2mzUeCaeC0F8W:/pNzhhB6kpEMCUeCaF

Score

10^/10

Malware Config

Extracted

Family

icedid

Signatures

IcedID Second Stage Loader 1 IoCs
loader

Processes:

resource yara_rule

sample IcedidSecondLoader
Icedid family
icedid
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

2024-04-28_f20db33bd9cc34430fc0ad1da2dd26e8_icedid

Files

2024-04-28_f20db33bd9cc34430fc0ad1da2dd26e8_icedid
.exe windows:5 windows x86 arch:x86

5bb99df5d066cfc2a2e8eba6c4771204

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA

advapi32

GetUserNameA

kernel32

ExitProcess
MultiByteToWideChar
HeapFree
GetProcessHeap
ReadFile
WriteFile
CreateFileA
CloseHandle
HeapAlloc
GetFileSize
lstrlenA
lstrcatA
CreateDirectoryA
GetModuleFileNameA
VirtualProtect
VirtualAlloc
Sleep
lstrcpyA
HeapReAlloc

winhttp

WinHttpConnect
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpCloseHandle

user32

wsprintfA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ