Static task
static1
Behavioral task
behavioral1
Sample
2024-06-29_ce2a96a10a0be131d81136c7d01adb2c_icedid.exe
Resource
win7-20240221-en
windows7-x64
General
-
Target
2024-06-29_ce2a96a10a0be131d81136c7d01adb2c_icedid
-
Size
3.8MB
-
MD5
ce2a96a10a0be131d81136c7d01adb2c
-
SHA1
1517329cdb16d89226fbd969b3a81153b8eb9104
-
SHA256
34dd063993bdeb22c1626977c479950d83dc5b69c59faac3a6bbd83c20f304c8
-
SHA512
1576dc629ddd16e8bbc5772a18a842ea6dade0e05ad87bab4b5ccff0de189812beda513e67b5fa5c51515abf4a7954f2d6715c71a1f22c1ebb7044b87ab584d8
-
SSDEEP
49152:Wpd9j3riQpRZc+UvkOp26IdtPeZCu5elv2J1JkyUyyPw2K17n8Tv9q:WYQpRX1Op27dtPeZKBQ1JkymPNAb8T0
Malware Config
Signatures
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
Processes:
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-06-29_ce2a96a10a0be131d81136c7d01adb2c_icedid
Files
-
2024-06-29_ce2a96a10a0be131d81136c7d01adb2c_icedid.exe windows:4 windows x86 arch:x86
854954ae2446c735e350e04dc3748bc1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
socket
ioctlsocket
connect
inet_addr
WSAGetLastError
ntohl
htonl
closesocket
send
recv
__WSAFDIsSet
select
getsockopt
listen
bind
accept
getsockname
WSASetLastError
ntohs
WSACleanup
WSAStartup
gethostbyname
htons
kernel32
lstrlenW
VirtualProtect
GlobalFlags
GlobalHandle
GlobalReAlloc
LocalReAlloc
GetProcessVersion
GetCPInfo
GetOEMCP
GetFileTime
SetErrorMode
WritePrivateProfileStringA
FindResourceExA
RtlUnwind
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTimeZoneInformation
GetCurrentThread
GetSystemTimeAsFileTime
RaiseException
HeapReAlloc
RemoveDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetStartupInfoA
GetCommandLineA
ExitThread
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
GetTickCount
GetProfileIntA
GetThreadLocale
GetFullPathNameA
FindFirstFileA
UnlockFile
LockFile
DuplicateHandle
lstrcmpA
SuspendThread
SetThreadPriority
ResumeThread
FileTimeToLocalFileTime
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
InterlockedIncrement
CreateProcessA
SetThreadExecutionState
GetVolumeInformationW
CompareFileTime
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetSystemInfo
InterlockedDecrement
GetComputerNameA
FindResourceA
SizeofResource
LoadResource
LockResource
GetCurrentDirectoryA
GetACP
GetSystemDefaultLangID
GetUserDefaultLangID
GetVolumeInformationA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcpynA
CreateThread
SleepEx
ReadFile
CreateDirectoryA
CopyFileW
MoveFileA
LocalAlloc
SetLastError
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
SetFileAttributesW
FlushFileBuffers
DeviceIoControl
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
TerminateProcess
SetEvent
lstrlenA
SetFileAttributesA
DeleteFileA
GetWindowsDirectoryW
FormatMessageA
lstrcmpiA
GetLocaleInfoA
GetDriveTypeW
GetVersion
GetCurrentProcessId
MoveFileW
RemoveDirectoryW
GetSystemTime
SystemTimeToFileTime
SetFileTime
LoadLibraryW
MoveFileExW
GetModuleHandleA
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
lstrcatA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetSystemDirectoryW
DeleteFileW
GetWindowsDirectoryA
GetVersionExA
GetExitCodeProcess
CreateFileA
GetCurrentProcess
CreateProcessW
GetModuleFileNameW
CreateEventA
WaitForMultipleObjects
ResetEvent
GlobalAlloc
GlobalFree
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
CreateMutexA
OpenMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetSystemDirectoryA
GetModuleFileNameA
GetFileAttributesA
CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GlobalSize
GlobalLock
GlobalUnlock
GetFileAttributesW
GetLastError
FormatMessageW
LocalFree
WideCharToMultiByte
MultiByteToWideChar
MulDiv
ExitProcess
GetProfileStringA
GetLocalTime
user32
IsRectEmpty
InflateRect
CharUpperA
IsClipboardFormatAvailable
ValidateRect
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
IsChild
WinHelpA
GetClassInfoA
GetClassLongA
GetMessageTime
GetLastActivePopup
GetWindowPlacement
IsDialogMessageA
SendDlgItemMessageA
GetDlgItemTextA
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetActiveWindow
DrawFrameControl
SetRect
SystemParametersInfoW
DrawStateA
DeleteMenu
DrawIconEx
IntersectRect
GetSysColorBrush
FillRect
FrameRect
PeekMessageA
SetActiveWindow
ModifyMenuA
UnionRect
ClientToScreen
WindowFromPoint
DrawTextW
SetDlgItemTextA
CopyIcon
GetKeyboardLayoutList
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
GetDlgItemTextW
UpdateWindow
IsWindowEnabled
SetCursorPos
GetClassNameA
CreateDialogParamW
CreateDialogParamA
SetPropA
GetPropA
RemovePropA
DefWindowProcA
CreateWindowExA
RegisterClassA
DefDlgProcA
DestroyWindow
GetWindowDC
BeginPaint
EndPaint
RegisterWindowMessageA
RegisterClipboardFormatA
RemoveMenu
DrawFocusRect
GetMessagePos
ScreenToClient
LoadCursorA
SetCursor
EqualRect
GetCapture
ReleaseCapture
SetCapture
CreatePopupMenu
AppendMenuW
SystemParametersInfoA
GetDlgCtrlID
GetKeyState
ModifyMenuW
TrackPopupMenu
IsIconic
GetSystemMetrics
DrawIcon
OffsetRect
EnableMenuItem
SetClipboardViewer
CheckMenuItem
LoadImageW
LoadImageA
DestroyMenu
ChangeClipboardChain
GetWindow
GetMenu
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowLongA
CallWindowProcA
EnumWindows
SetForegroundWindow
IsWindowVisible
wsprintfW
MessageBoxW
MessageBoxA
LoadBitmapA
GetMenuItemCount
GetMenuItemID
GetSubMenu
AppendMenuA
CheckMenuRadioItem
GetCursorPos
PtInRect
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
PostThreadMessageA
GetAsyncKeyState
SetRectEmpty
MapDialogRect
DestroyIcon
SetWindowContextHelpId
GetClientRect
CopyRect
FindWindowA
GetWindowThreadProcessId
MsgWaitForMultipleObjects
GetParent
SetParent
KillTimer
SetTimer
GetFocus
SetFocus
SendMessageW
InvalidateRect
wsprintfA
PostMessageA
GetForegroundWindow
ExitWindowsEx
ReleaseDC
MessageBeep
ShowWindow
GetWindowTextLengthA
MoveWindow
SetDlgItemTextW
GetWindowTextLengthW
GetWindowTextA
IsWindow
GetWindowRect
CreateWindowExW
SetWindowPos
SetWindowTextA
DefWindowProcW
GetDesktopWindow
GetDlgItem
GetSysColor
SetWindowTextW
SendMessageA
GetDC
GetWindowTextW
EnableWindow
LoadIconA
LoadStringA
IsWindowUnicode
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
GetWindowLongA
gdi32
GetTextColor
GetBkColor
EnumFontFamiliesExA
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CopyMetaFileA
GetCharWidthA
StretchDIBits
CombineRgn
SetRectRgn
CreateRectRgnIndirect
PatBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
IntersectClipRect
ExcludeClipRect
LPtoDP
DPtoLP
GetTextMetricsA
CreateCompatibleBitmap
DeleteObject
SelectObject
StretchBlt
BitBlt
DeleteDC
GetStockObject
CreateCompatibleDC
GetDIBits
CreateDIBSection
SelectClipRgn
GetObjectA
CreateFontIndirectA
TranslateCharsetInfo
CreateSolidBrush
GetTextExtentPoint32W
GetTextExtentPointA
CreateDIBitmap
GetTextExtentPoint32A
GetDeviceCaps
CreateFontA
RestoreDC
SaveDC
CreateBitmap
GetClipBox
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
CreateFontIndirectW
GetMapMode
SetMapMode
ScaleWindowExtEx
comdlg32
GetSaveFileNameW
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW
advapi32
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
RegCreateKeyExW
GetUserNameW
RegLoadKeyA
RegRestoreKeyA
GetUserNameA
RegSaveKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCloseKey
RegEnumKeyW
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueA
shell32
Shell_NotifyIconW
SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconA
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHFileOperationA
ShellExecuteW
FindExecutableW
ShellExecuteExA
ShellExecuteExW
SHGetFileInfoW
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
comctl32
ImageList_AddMasked
ImageList_Add
ImageList_Remove
ord17
ord8
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_Draw
ImageList_DragEnter
ImageList_GetIcon
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
oledlg
ord8
ole32
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
OleGetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetObject
StringFromGUID2
CoInitialize
ReleaseStgMedium
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoFreeUnusedLibraries
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoCreateInstance
CLSIDFromString
olepro32
ord251
ord253
oleaut32
SysAllocString
SysAllocStringByteLen
VariantTimeToSystemTime
VariantChangeType
VariantCopy
VariantInit
VariantClear
LoadTypeLibEx
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
LoadTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
wininet
InternetSetCookieA
InternetGetCookieA
InternetCrackUrlA
InternetCanonicalizeUrlA
GetUrlCacheEntryInfoW
InternetCanonicalizeUrlW
InternetCombineUrlA
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 448KB - Virtual size: 444KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 200KB - Virtual size: 223KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 972KB - Virtual size: 971KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ