Behavioral task: behavioral1
Sample: 1988-54-0x0000000180000000-0x0000000180005000-memory.dll
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1988-54-0x0000000180000000-0x0000000180005000-memory.dll
Resource: win10v2004-20220414-en
General
Target: 1988-54-0x0000000180000000-0x0000000180005000-memory.dmp
Size: 20KB
MD5: 53e1d2817cd3813f08ad67b5e852f8ef
SHA1: 7a9eb5f95f981e3d9c347d0d770ac45467205048
SHA256: a6c216f8bb23ad04d34db4ba4b3b98f03be09b1c707030e5b863c8455e63448b
SHA512: 64ecaff616ee7e22e289c83369e188a9aaf2848f2631d3b998ee873ae44f8b268fedb082d6a9b51f853dc572a65959aecd08715216d52371616a61bbd4c434a5
SSDEEP: 96:CAVCUOemFbOCsnsLoBTp9TKOtsRaAyDI6QpR0pnAOp0RL:CApOjr4sLETnrwy0n6nAC+
Malware Config
Extracted
icedid
1573268852
peranistaer.top
gruvihabralo.nl
auth_var: 5
url_path: /news/
Signatures
Icedid family
Files
1988-54-0x0000000180000000-0x0000000180005000-memory.dmp.dll windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 884B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ