icedid | 3284-13-0x0000000180000000-0x0000000180009000-memory[.]dmp | Triage

Sharing

General

Target

3284-13-0x0000000180000000-0x0000000180009000-memory.dmp
Size

36KB
MD5

b28ef294f63d41972d2628629b84e861
SHA1

35f5ee651e576074c4996efcd6a52216be4df903
SHA256

e18199e82430780b69bdc9516405d1088dbdf09ead3b57844d66a8197dace7e4
SHA512

f55e38b37155f08d104f30e807a5364dbbd36b1e0a7943d4d5d2316a69b2c5a07bc26d639669cfef17e9bb6153658f3dad699f2cbeceb9af8d4be12c875f6430
SSDEEP

384:s5Jxayczq7Yjt9lfle9s6PLZx36kYGi8:s5DHYeIlfle9HD7li

Score

10^/10

loader 909843654 icedid

Malware Config

Extracted

Family

icedid

Campaign

909843654

C2

restohalto.site

Signatures

Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3284-13-0x0000000180000000-0x0000000180009000-memory.dmp

Files

3284-13-0x0000000180000000-0x0000000180009000-memory.dmp
.dll windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.c
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE