icedid | 1b604922254eb1b6c4d577873f0a5e42b0aa7e86041c2edad37828a1c22b3f2c | Triage

Submit
Reports

Overview

overview

Static

static

1b60492225...2c.dll

windows7-x64

1

1b60492225...2c.dll

windows10-2004-x64

1

Sharing

Static task

static1

core_loader 452507187 icedid

1 signatures

Behavioral task

behavioral1

Sample

1b604922254eb1b6c4d577873f0a5e42b0aa7e86041c2edad37828a1c22b3f2c.dll

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b604922254eb1b6c4d577873f0a5e42b0aa7e86041c2edad37828a1c22b3f2c.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

1b604922254eb1b6c4d577873f0a5e42b0aa7e86041c2edad37828a1c22b3f2c
Size

6KB
MD5

d10df2beb4b0e49b9806af3ed49706be
SHA1

e150689e82ad4e564008ae1d07bc532e8d197ddf
SHA256

1b604922254eb1b6c4d577873f0a5e42b0aa7e86041c2edad37828a1c22b3f2c
SHA512

6f8c9a647a59d7a946281ca89870ca5a6cc0b01aa7b86216ebee9ec5763814873a4eaa09cafd99755dad199b3b92bf631c1d5688b0896929e24c730b6e1d8339
SSDEEP

96:CAVCUOemFbOCsnsLoBTp91AFtsRaAyDI6QpVhMdk:CApOjr4sLETnu3wy0ndMq

Score

10^/10

core_loader 452507187 icedid

Malware Config

Extracted

Family

icedid

Botnet

452507187

C2

adrescairhot.com

bromidnaus.com

Attributes

auth_var
28
url_path
/news/

Signatures

Icedid family
icedid

Files

1b604922254eb1b6c4d577873f0a5e42b0aa7e86041c2edad37828a1c22b3f2c
.dll windows x64

fe8ac26a9e653c5408fbc7a4bbbb5cbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpyA
GetLastError
VirtualAlloc
VirtualProtect
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
lstrcatA
GetCommandLineA
Sleep
ExitProcess
CreateThread

msvcrt

memset

shlwapi

StrChrA
StrStrIA

shell32

SHGetFolderPathA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy