2024-02-03_4093aaaf3b3c505ed238662ccf9262f1_icedid | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-03_4093aaaf3b3c505ed238662ccf9262f1_icedid
Size

9.9MB
MD5

4093aaaf3b3c505ed238662ccf9262f1
SHA1

41a6d96a80100b25ff1644fe4f9a545187b372e3
SHA256

15be0809223359f8c715c3f2880a911e8801831ed8779796c15009e6d372159f
SHA512

f7cc2315117d409b71d0711a2051fc6e200dd96c363880f637e3b8937d309242a2590e4a8da87feb94fb44aeae31913353ab1db7823cbbb8ebaed5dd5565777b
SSDEEP

196608:oqF2csNvlyqojJjrd8V2hsgsvGtE50GMwmkzxr5aDFNRwBSdxX9lWBiKTVYsDmGC:osxkvlyYrshto2Sqw+SRPQo8sQHVNULy

Score

10^/10

Malware Config

Signatures

Detects executables packed with BoxedApp 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_BoxedApp

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-03_4093aaaf3b3c505ed238662ccf9262f1_icedid

Files

2024-02-03_4093aaaf3b3c505ed238662ccf9262f1_icedid
.exe windows:4 windows x86 arch:x86

88381b84da56810b869e897e6d45bd58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

EnumChildWindows

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.main
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stub
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE