icedid | icedid_dump | Triage

Submit
Reports

Overview

overview

Static

static

icedid_dump.dll

windows7-x64

1

icedid_dump.dll

windows10-2004-x64

1

Sharing

Static task

static1

core_loader 1573268852 icedid

1 signatures

Behavioral task

behavioral1

Sample

icedid_dump.dll

Resource

win7-20220715-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

icedid_dump.dll

Resource

win10v2004-20220722-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

icedid_dump
Size

6KB
MD5

629933e17fa1e58e30041e0a0e1b5ec7
SHA1

e4d0ca64031cd293119a72e3cbba3bd84e93899e
SHA256

1b22f59b757dff8865e0406863048694ee023dc1739df3af949043d1e6657e8c
SHA512

735e95322ca35a34c4f9a17bd5d780969881f1924ea72c8e7831edb31c8ac0100e67b02c4ace9918c973e4f7e1f6f464b06d9d9e04cd8abf31529a5612a28554
SSDEEP

96:CAVCUOemFbOCsnsLoBTp91AFtsRaAyDI6QpxJ/eDbP:CApOjr4sLETnu3wy0ndeDb

Score

10^/10

core_loader 1573268852 icedid

Malware Config

Extracted

Family

icedid

Botnet

1573268852

C2

peranistaer.top

gruvihabralo.nl

Attributes

auth_var
10
url_path
/news/

Signatures

Icedid family
icedid

Files

icedid_dump
.dll windows x64

fe8ac26a9e653c5408fbc7a4bbbb5cbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpyA
GetLastError
VirtualAlloc
VirtualProtect
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
lstrcatA
GetCommandLineA
Sleep
ExitProcess
CreateThread

msvcrt

memset

shlwapi

StrChrA
StrStrIA

shell32

SHGetFolderPathA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy