icedid | 1a3481999d39238207c705ec7f8c73946ea992341f2715bbecb07b40faef565b[.]zip

General

Target

1a3481999d39238207c705ec7f8c73946ea992341f2715bbecb07b40faef565b.zip
Size

11KB
MD5

3752b93e17ee18f12e1ec39e16ba18f4
SHA1

774aa5f9bd59d69d44a919b760415cf00525d3ef
SHA256

be11cfcc3eb2073ebfcde431616fd6ee25060fa49cb99536a56cc113faba4137
SHA512

b6be1981456f842e4ad4f78f0c0d02e734825a2698c206ce3d0f8cf6cad044ddc152386fef196f90e0bae6c069d3b800b9bac59e6452002e16150b48ed7aba08
SSDEEP

192:94wJL30JjL/27RzlgtPvGViJcdDGfp6FX3QHIy8CWje7j89xB+eNwH0gIoPtWBGv:mwJLEZjwYt2ViJcd6fkp2IY+46MlWBvu

Score

10^/10

loader 468039940 icedid

Malware Config

Extracted

Family

icedid

Campaign

468039940

C2

arelyevennot.top

Signatures

IcedID First Stage Loader 1 IoCs

loader

Processes:

resource	yara_rule
static1/unpack001/1a3481999d39238207c705ec7f8c73946ea992341f2715bbecb07b40faef565b	IcedidFirstLoader

Icedid family
icedid

Files

1a3481999d39238207c705ec7f8c73946ea992341f2715bbecb07b40faef565b.zip
.zip

Password: infected
1a3481999d39238207c705ec7f8c73946ea992341f2715bbecb07b40faef565b
.exe windows x64

6f47fcee2ed0c51eb460709bb51d1057

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset

winhttp

WinHttpQueryOption

kernel32

GetComputerNameExA
LoadLibraryA
GetProcAddress
HeapAlloc
HeapReAlloc
HeapFree

Sections

.c
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

6f47fcee2ed0c51eb460709bb51d1057

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

winhttp

kernel32

Sections

.c Size: 16KB - Virtual size: 16KB

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.r Size: 4KB - Virtual size: 4KB

.d Size: 4KB - Virtual size: 4KB

.c
Size: 16KB - Virtual size: 16KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.r
Size: 4KB - Virtual size: 4KB

.d
Size: 4KB - Virtual size: 4KB