icedid | 0973f6f6a3150d115f63c023a5208cfb[.]exe

General

Target

0973f6f6a3150d115f63c023a5208cfb.exe
Size

13KB
MD5

0973f6f6a3150d115f63c023a5208cfb
SHA1

4c5b9ce6d6c3e11f6c11b12fc1465319facc8ea7
SHA256

b3063a902d1acc5bdafb98a7976974ea2430b8d62d8aeb414cc3f2fab190dafa
SHA512

9a7adb738ce42550f85de06578000603cf0e8d8f2b7556ff45c2db22d2b7b8fff79f12c5a3200e11bd6ca9ae01ee263fcc18d370b3d1dd12b1125496f25bdee7
SSDEEP

192:eC+YPv6UOyDqZ1KcMzqTHG+3F+j7rT9z7VYe/7Vd/5A27E0mgGn:eev6UbqZ1K7zX+3q7PEe/7Vd227E0lM

Score

10^/10

loader 1776411935 icedid

Malware Config

Extracted

Family

icedid

Campaign

1776411935

C2

eliskapalu.com

Signatures

Icedid family
icedid

Files

0973f6f6a3150d115f63c023a5208cfb.exe
.exe windows x64

3a0cfb574e9f4ca8db6893e099e2d5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameW
LookupAccountNameW

winhttp

WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpConnect

kernel32

WideCharToMultiByte
lstrlenW
VirtualProtect
VirtualAlloc
lstrcatA
lstrcpyA
Sleep
GetTempPathA
CreateDirectoryA
LoadLibraryA
GetProcAddress
GetComputerNameExW
ExitProcess
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
WriteFile
CloseHandle
HeapReAlloc
GetLastError
SwitchToThread
GetTickCount64

shell32

SHGetFolderPathA

msvcrt

memset

user32

wsprintfW

Sections

.c
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

3a0cfb574e9f4ca8db6893e099e2d5bb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

winhttp

kernel32

shell32

msvcrt

user32

Sections

.c Size: 7KB - Virtual size: 7KB

.text Size: 512B - Virtual size: 6B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 396B

.r Size: 512B - Virtual size: 416B

.d Size: 512B - Virtual size: 128B

.c
Size: 7KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 6B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 396B

.r
Size: 512B - Virtual size: 416B

.d
Size: 512B - Virtual size: 128B