icedid | 696-54-0x0000000140000000-0x000000014000B000-memory[.]dmp | Triage

Sharing

General

Target

696-54-0x0000000140000000-0x000000014000B000-memory.dmp
Size

44KB
MD5

ae38e5188946694da776e33c92f82074
SHA1

a8021a790c92a76d9b27a20ba883095c7de2067f
SHA256

4dc3f1c3f7aaf038a174771a23f1907369ab68a33ec660f00663fdfa831effa7
SHA512

810d29a912cd7fcd3b4073ad3c70c1fe0d3f91bd33876bda89cc74476a6951fbffae8e64d947713dcb61e4d3f55990561935c5fcb787f770db4c3a266bd501d7
SSDEEP

384:aAybRgY6EAL4eIQsn1pM6+OJh5QX+zzanFN/1wLu06h:XbIQsn1x+xuKnFN1wyZh

Score

10^/10

loader 816407799 icedid

Malware Config

Extracted

Family

icedid

Campaign

816407799

C2

ertimadifa.com

Signatures

IcedID First Stage Loader 1 IoCs
loader

Processes:

resource yara_rule

sample IcedidFirstLoader
Icedid family
icedid

Files

696-54-0x0000000140000000-0x000000014000B000-memory.dmp
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.c
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE