icedid | 9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81 | Triage

Sharing

Reason

config extraction: CfgExtr crashed: runtime error: slice bounds out of range [256:0]

General

Target

9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81
Size

10KB
MD5

df826d4fd50e435af9e86a04c2d25a7a
SHA1

8d3ae629bdcc8699aa1165aff22795d4c3d05875
SHA256

9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81
SHA512

29d85b0e9d01a2b1c745de88b54918c3b8b748dd51f3a8a2e6fbb2c18236d776190985c4f47a06d797c2ec431f5b66fdc727fd11250954b9818e92e684674658
SSDEEP

192:jRPMr4QNoKB695puGwRMcl55s8guGxNBwN:jNM1RqbuG6t+8HGxNBwN

Score

10^/10

loader icedid

Malware Config

Signatures

IcedID First Stage Loader 1 IoCs
loader

Processes:

resource yara_rule

sample IcedidFirstLoader
Icedid family
icedid

Files

9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81
.dll regsvr32 windows x86

9a31ca7834d07273dabb36e82caf0a31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA
LookupAccountNameW

shlwapi

StrToIntA
StrStrIA
StrChrA

kernel32

GetComputerNameExA
SwitchToThread
GetLastError
GetTickCount64
GetComputerNameExW
HeapReAlloc
GetModuleFileNameA
HeapFree
WaitForSingleObject
GetCommandLineA
Sleep
GetTempPathA
LoadLibraryA
CreateThread
GetProcAddress
ExitProcess
GetProcessHeap
GetTickCount
ReadFile
WriteFile
CreateFileA
CloseHandle
HeapAlloc
GetFileSize
lstrlenA

user32

wsprintfW
wsprintfA

winhttp

WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetStatusCallback

msvcrt

memset

Exports

Exports

DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ