icedid | 908-54-0x0000000180000000-0x0000000180005000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

908-54-0x0...ry.dll

windows7-x64

1

908-54-0x0...ry.dll

windows10-2004-x64

3

Sharing

Static task

static1

core_loader 536628885 icedid

1 signatures

Behavioral task

behavioral1

Sample

908-54-0x0000000180000000-0x0000000180005000-memory.dll

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

908-54-0x0000000180000000-0x0000000180005000-memory.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

908-54-0x0000000180000000-0x0000000180005000-memory.dmp
Size

20KB
MD5

edc61fdd4094a7a4ea0375f631caacaa
SHA1

9eab3c0c59539e553ba75322eea20aca64abdcf8
SHA256

5b8eb78a6dd4358c17dd052732aca627426474f788a8fc53497c52f670ccaa28
SHA512

c3d0ff34ba66639feecdae533d30edc34c3c0d327f3befab8d4463cc355270622cb69117673ee89cbdcdc4ec743dbdd54c0a810af0338bffcbd8ca98b3082c3e
SSDEEP

96:CAVCUOemFbOCsnsLoBTp95Ia3tsRaAyDI6QpaW0LUE:CApOjr4sLETniadwy0naz

Score

10^/10

core_loader 536628885 icedid

Malware Config

Extracted

Family

icedid

Botnet

536628885

C2

guaracheza.pics

stayersa.art

Attributes

auth_var
9
url_path
/news/

Signatures

Icedid family
icedid

Files

908-54-0x0000000180000000-0x0000000180005000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy