2024-01-22_508ea9ae46aaf0ed08cb0b4ed60ad7b9_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-22_508ea9ae46aaf0ed08cb0b4ed60ad7b9_icedid
Size

2.6MB
MD5

508ea9ae46aaf0ed08cb0b4ed60ad7b9
SHA1

c3a9b72c34b2682c9a163f7a65d4c67ea30a3611
SHA256

6dd9222f29390b5c5f8c640148fd880e50963d2f37f45c09cacfee328ad41aee
SHA512

463f7454d2deb147c402588f4e50f2640c3a108c258836ff4a7d36c7ae26d834bc5535fd128b9d7f98bfce3c4a38dbd2b8f188e95e8b64f9871b18f98b44cc7b
SSDEEP

24576:2VfwMHdQhU3nW57BVysNevfui2Q/t5Eado0cQBIYaNNkF8coujr7uYBOsGu:2V3HdQcWJiv2i2OEadoYIRkycouP7Fv

Score

10^/10

Malware Config

Signatures

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

Files

2024-01-22_508ea9ae46aaf0ed08cb0b4ed60ad7b9_icedid
.exe windows:5 windows x86 arch:x86

98fa4969f37a56a5144d613696eca139

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:dd:61:46:0d:2c:62:7a:5b:db:ca:ee:4a:21:5e:ab
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

17/03/2017, 00:00

Not After

15/06/2020, 23:59

Subject

CN=Irongate Inc,O=Irongate Inc,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses

kernel32

GetFileType
HeapSize
GetTimeZoneInformation
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
HeapCreate
VirtualFree
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
GetProcAddress
CreateFileW
InterlockedCompareExchange
GetCommandLineA
ExitThread
VirtualQuery
VirtualAlloc
VirtualProtect
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
FreeEnvironmentStringsW
GetStartupInfoA
GetModuleHandleA
LocalFree
FormatMessageA
GetLastError
lstrlenA
DeleteFileA
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
SetLastError
LoadLibraryA
FreeLibrary
InitializeCriticalSection
GetTickCount
DeleteCriticalSection
GetProcessTimes
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
GetWindowsDirectoryA
GetLongPathNameA
GetTempPathA
ResumeThread
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
OpenProcess
GetVersionExA
CopyFileA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
RemoveDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSizeEx
CreateFileA
DeviceIoControl
FindClose
SetFileAttributesA
GetFileAttributesA
WriteFile
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetModuleHandleW
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
RaiseException
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameW
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetModuleFileNameA
GetFileTime
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetTempFileNameA
ResetEvent
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
GetComputerNameA
GetVolumeInformationA
CreateThread
TerminateThread
CreateEventA
SetEvent
GetExitCodeThread
GetThreadPriority
SetThreadPriority
InterlockedDecrement
lstrcmpA
lstrcpyW
ReadFile
GetVersion
GetDiskFreeSpaceExA
MoveFileA
SuspendThread
LocalAlloc
MultiByteToWideChar
ExpandEnvironmentStringsA
CreateProcessA
GetSystemInfo
GlobalMemoryStatus
CreateToolhelp32Snapshot
Process32First
TerminateProcess
Process32Next
DuplicateHandle
GetExitCodeProcess
CreateRemoteThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcessId
ExitProcess
GetCurrentDirectoryA
Sleep
VerSetConditionMask
VerifyVersionInfoA
WaitForSingleObject
GetFileSize
SetFilePointer

user32

GetWindowDC
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
PostMessageA
GetClassNameA
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
GetMenuItemCount
GetClassInfoExA
AdjustWindowRectEx
EqualRect
CallWindowProcA
GetMenu
SetWindowPos
IntersectRect
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
EndDialog
BeginPaint
EndPaint
GetClassInfoA
RegisterClassA
DefWindowProcA
UpdateWindow
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawStateA
FrameRect
CreateIconIndirect
TrackPopupMenuEx
DestroyCursor
DestroyMenu
EnumDisplaySettingsA
RegisterWindowMessageA
SetForegroundWindow
SetParent
SetActiveWindow
LoadMenuA
CharUpperA
ValidateRect
TranslateMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
UnregisterClassA
CopyAcceleratorTableA
GetSubMenu
GetMenuItemID
DrawAnimatedRects
InvalidateRgn
SetCapture
ReleaseCapture
CharNextA
GetNextDlgGroupItem
RegisterClipboardFormatA
SetMenu
FindWindowExA
SendMessageA
GetWindowRect
EnableWindow
GetSysColor
GetParent
LoadBitmapA
SetTimer
KillTimer
PostThreadMessageA
MessageBoxA
GetClientRect
PtInRect
LoadImageA
FillRect
InvalidateRect
InflateRect
GetDC
ReleaseDC
RedrawWindow
PostQuitMessage
PeekMessageA
GetSystemMetrics
SetWindowLongA
GetWindowLongA
ShowWindow
MessageBeep
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
LoadIconA
GetIconInfo
FindWindowA
EnumChildWindows
SystemParametersInfoA
GetCursorPos
TrackPopupMenu
SetMenuDefaultItem
IsWindow
DestroyIcon
ScreenToClient
IsRectEmpty
OffsetRect
GetWindowPlacement
CreateWindowExA
SetRect
MoveWindow
GetWindow
GetDlgCtrlID
GetDlgItem
SetRectEmpty
IsWindowVisible
LockWindowUpdate
CopyRect
LoadCursorA
MsgWaitForMultipleObjects
DispatchMessageA
SetCursor

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetWindowExtEx
CreatePen
GetMapMode
DPtoLP
GetRgnBox
GetBkColor
GetTextColor
GetViewportExtEx
SetTextAlign
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetClipBox
SetDIBitsToDevice
GetDeviceCaps
Rectangle
GetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
CreateFontIndirectA
GetObjectA
CreateFontA
CreateSolidBrush
CreateCompatibleDC
BitBlt
SelectObject
GetStockObject
GetTextExtentPoint32A
CreateRectRgn
DeleteObject
FillRgn
CombineRgn
SetRectRgn
DeleteDC
SetPixel
SetTextColor
SetBkColor
CreateBitmap
CreateCompatibleBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

OpenSCManagerA
CopySid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
GetLengthSid
GetTokenInformation
OpenProcessToken
RegQueryValueA
EnumDependentServicesA
ControlService
QueryServiceStatusEx
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceConfig2A
EnumServicesStatusExA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegFlushKey
StartServiceA
OpenEventLogA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
GetSidSubAuthority
OpenServiceA
CloseServiceHandle
QueryServiceStatus
GetUserNameA
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegOpenKeyA

shell32

SHGetSpecialFolderPathA
SHQueryRecycleBinA
SHEmptyRecycleBinA
SHGetMalloc
Shell_NotifyIconA
SHAppBarMessage
ShellExecuteExA
ShellExecuteA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathIsDirectoryA
PathRemoveFileSpecA
PathAppendA
PathAddBackslashA
SHDeleteKeyA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
UrlUnescapeA
PathFindFileNameA

oledlg

ord8

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
VarDateFromStr
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VariantInit
VariantClear
VariantChangeType
OleLoadPicture
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
OleCreateFontIndirect

ws2_32

gethostbyaddr
bind
inet_addr
htons
recvfrom
gethostbyname
WSAGetLastError
inet_ntoa
sendto
setsockopt
closesocket
WSASocketA
select
WSACleanup
gethostname
WSAStartup
WSASetLastError

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

iphlpapi

GetNetworkParams
GetAdaptersInfo

setupapi

SetupDiClassGuidsFromNameA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA

pdh

PdhOpenQueryA
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhAddCounterA

crypt32

CryptMsgClose
CertCloseStore
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext
CryptDecodeObject

winmm

PlaySoundA
waveOutGetNumDevs
waveOutGetDevCapsA

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
InternetOpenUrlA

Sections

.text
Size: 1019KB - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98fa4969f37a56a5144d613696eca139

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:dd:61:46:0d:2c:62:7a:5b:db:ca:ee:4a:21:5e:abCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

version

iphlpapi

setupapi

pdh

crypt32

winmm

wininet

Sections

.text Size: 1019KB - Virtual size: 1018KB

.rdata Size: 260KB - Virtual size: 259KB

.data Size: 43KB - Virtual size: 60KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:dd:61:46:0d:2c:62:7a:5b:db:ca:ee:4a:21:5e:ab
Certificate

.text
Size: 1019KB - Virtual size: 1018KB

.rdata
Size: 260KB - Virtual size: 259KB

.data
Size: 43KB - Virtual size: 60KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB