icedid | 2024-06-05_23c7c16f1e5c8f7278d5b8a42d4f09f8_icedid | Triage

Sharing

General

Target

2024-06-05_23c7c16f1e5c8f7278d5b8a42d4f09f8_icedid
Size

8KB
MD5

23c7c16f1e5c8f7278d5b8a42d4f09f8
SHA1

4da6351365cefb6c328da79e3a4973809ad12e4b
SHA256

8c637339dbf60797dd7b2c14812e6c5e275a28035d144f0398f2fe05b1e0d6db
SHA512

e35374de094854ca865c90e18228baaff7825579467a19e4ca04a6e116c7d6e4c75d2463d2a377efec7298e43aad1c9b03f59223d2bf50313f28d231a6871995
SSDEEP

192:/56iXvwj608jijUhR4CbvpSC0Ss9CdsHVY:/5VfRhRZpxA9CdsHV

Score

10^/10

Malware Config

Extracted

Family

icedid

Signatures

IcedID Second Stage Loader 1 IoCs
loader

Processes:

resource yara_rule

sample IcedidSecondLoader
Icedid family
icedid
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

2024-06-05_23c7c16f1e5c8f7278d5b8a42d4f09f8_icedid

Files

2024-06-05_23c7c16f1e5c8f7278d5b8a42d4f09f8_icedid
.exe windows:5 windows x86 arch:x86

6ef9fc3b824d44b454eb43ca834c20b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA

shell32

SHGetFolderPathA

winhttp

WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpConnect

kernel32

HeapReAlloc
MultiByteToWideChar
ExitProcess
lstrcpyA
Sleep
VirtualAlloc
VirtualProtect
GetModuleFileNameA
CreateDirectoryA
lstrcatA
lstrlenA
GetFileSize
HeapAlloc
CloseHandle
CreateFileA
HeapFree
GetProcessHeap
ReadFile
WriteFile

user32

wsprintfA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ