2024-02-20_6ea81f68821b21bd52b968cfb747bd81_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-20_6ea81f68821b21bd52b968cfb747bd81_floxif_icedid
Size

3.9MB
MD5

6ea81f68821b21bd52b968cfb747bd81
SHA1

c576be50d23e610bb40e05e5031ebe9f80344c05
SHA256

e536807d8a546d06f0976c95f5fad2dd49eb349ec04c8eb8740cdf7ba3f01f28
SHA512

ca41175260c3fd80b2359bd4c07fa98a901567ab77d99f7006f58484e553ef792d61695db718bc90732ed4b0179e3e3ffedf72d6261622cde2ae6906282992b2
SSDEEP

49152:aUYK/NzTNg5qej04wk+xyuyYPCMMejTTm22WIs15dTYFgi4PMO5wC17n8Tw9F:aazTNPeY4IMuyYP4eR15dTnPAIb8TC

Score

10^/10

Malware Config

Signatures

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Files

2024-02-20_6ea81f68821b21bd52b968cfb747bd81_floxif_icedid
.exe windows:4 windows x86 arch:x86

87e9bcd1ada86298e2ed9176908aadfb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:e5:d9:38:3c:92:d2:98:b2:80:8b:2d:1c:48:b2:0a:66:e5:58:32:9f:52:71:ec:96:9a:41:ac:32:55:6a:f5
Signer

Actual PE Digest

6c:e5:d9:38:3c:92:d2:98:b2:80:8b:2d:1c:48:b2:0a:66:e5:58:32:9f:52:71:ec:96:9a:41:ac:32:55:6a:f5

Digest Algorithm

sha256

PE Digest Matches

false

b3:f9:c8:ad:90:be:35:9a:71:80:74:97:40:62:7b:27:c9:c7:d7:99
Signer

Actual PE Digest

b3:f9:c8:ad:90:be:35:9a:71:80:74:97:40:62:7b:27:c9:c7:d7:99

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
GetSystemTimeAsFileTime
HeapReAlloc
RemoveDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetStartupInfoA
GetCommandLineA
ExitThread
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetStdHandle
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetCurrentDirectoryW
GetProfileStringA
GetCurrentDirectoryW
SetEnvironmentVariableW
RtlUnwind
FindResourceExA
WritePrivateProfileStringA
SetErrorMode
GetFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
LocalReAlloc
GlobalReAlloc
GlobalHandle
GlobalFlags
VirtualProtect
lstrlenW
GetCurrentThread
GetTickCount
GetProfileIntA
GetThreadLocale
GetFullPathNameA
FindFirstFileA
UnlockFile
LockFile
DuplicateHandle
lstrcmpA
SuspendThread
SetThreadPriority
ResumeThread
FileTimeToLocalFileTime
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
InterlockedIncrement
RaiseException
InterlockedExchange
CreateProcessA
SetThreadExecutionState
GetVolumeInformationW
CompareFileTime
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetSystemInfo
InterlockedDecrement
GetComputerNameA
FindResourceA
SizeofResource
LoadResource
LockResource
GetCurrentDirectoryA
LoadLibraryA
GetACP
GetSystemDefaultLangID
GetUserDefaultLangID
GetVolumeInformationA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcpynA
CreateThread
SleepEx
ReadFile
CreateDirectoryA
CopyFileW
MoveFileA
LocalAlloc
SetLastError
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
SetFileAttributesW
FlushFileBuffers
DeviceIoControl
TlsFree
TlsAlloc
ExitProcess
TlsSetValue
GetCurrentThreadId
TlsGetValue
TerminateProcess
SetEvent
lstrlenA
SetFileAttributesA
DeleteFileA
GetWindowsDirectoryW
LoadLibraryW
FormatMessageA
lstrcmpiA
GetLocaleInfoA
GetDriveTypeW
GetVersion
GetCurrentProcessId
MoveFileW
RemoveDirectoryW
GetSystemTime
SystemTimeToFileTime
SetFileTime
MoveFileExW
GetModuleHandleA
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
lstrcatA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetSystemDirectoryW
DeleteFileW
GetWindowsDirectoryA
GetVersionExA
GetExitCodeProcess
CreateFileA
GetCurrentProcess
CreateProcessW
GetModuleFileNameW
CreateEventA
WaitForMultipleObjects
ResetEvent
GlobalAlloc
GlobalFree
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
CreateMutexA
OpenMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetSystemDirectoryA
GetModuleFileNameA
GetFileAttributesA
CopyFileA
GetProcAddress
FreeLibrary
Sleep
GlobalSize
GlobalLock
GlobalUnlock
GetFileAttributesW
GetLastError
FormatMessageW
LocalFree
WideCharToMultiByte
MultiByteToWideChar
MulDiv
SetUnhandledExceptionFilter

user32

EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
AdjustWindowRectEx
MapWindowPoints
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
TabbedTextOutA
DrawTextA
GrayStringA
ValidateRect
IsClipboardFormatAvailable
CharUpperA
InflateRect
IsRectEmpty
SetWindowContextHelpId
MapDialogRect
SetRectEmpty
GetAsyncKeyState
PostThreadMessageA
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
GetTopWindow
IsChild
WinHelpA
GetClassInfoA
GetClassLongA
GetMessageTime
GetLastActivePopup
GetWindowPlacement
IsDialogMessageA
SendDlgItemMessageA
GetDlgItemTextA
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetActiveWindow
DrawFrameControl
SetRect
SystemParametersInfoW
DrawStateA
DeleteMenu
DrawIconEx
IntersectRect
GetSysColorBrush
FillRect
FrameRect
PeekMessageA
SetActiveWindow
ModifyMenuA
UnionRect
ClientToScreen
WindowFromPoint
DrawTextW
SetDlgItemTextA
CopyIcon
GetKeyboardLayoutList
DestroyIcon
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
GetDlgItemTextW
UpdateWindow
IsWindowEnabled
SetCursorPos
GetClassNameA
CreateDialogParamW
CreateDialogParamA
SetPropA
GetPropA
RemovePropA
DefWindowProcA
CreateWindowExA
RegisterClassA
DefDlgProcA
DestroyWindow
GetWindowLongA
GetWindowDC
BeginPaint
EndPaint
RegisterWindowMessageA
RegisterClipboardFormatA
DrawFocusRect
GetMessagePos
ScreenToClient
LoadCursorA
SetCursor
EqualRect
GetCapture
ReleaseCapture
SetCapture
CreatePopupMenu
AppendMenuW
SystemParametersInfoA
GetDlgCtrlID
GetKeyState
ModifyMenuW
TrackPopupMenu
IsIconic
GetSystemMetrics
LoadStringA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
IsWindowUnicode
DrawIcon
OffsetRect
EnableMenuItem
SetClipboardViewer
CheckMenuItem
LoadImageW
LoadImageA
DestroyMenu
ChangeClipboardChain
GetWindow
GetMenu
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowLongA
CallWindowProcA
EnumWindows
SetForegroundWindow
IsWindowVisible
wsprintfW
MessageBoxW
MessageBoxA
LoadBitmapA
GetMenuItemCount
GetMenuItemID
GetSubMenu
AppendMenuA
CheckMenuRadioItem
GetCursorPos
PtInRect
GetClientRect
CopyRect
FindWindowA
GetWindowThreadProcessId
MsgWaitForMultipleObjects
GetParent
SetParent
KillTimer
SetTimer
GetFocus
SetFocus
SendMessageW
InvalidateRect
wsprintfA
PostMessageA
GetForegroundWindow
ExitWindowsEx
ReleaseDC
MessageBeep
ShowWindow
GetWindowTextLengthA
MoveWindow
SetDlgItemTextW
GetWindowTextLengthW
GetWindowTextA
IsWindow
GetWindowRect
CreateWindowExW
SetWindowPos
SetWindowTextA
DefWindowProcW
GetDesktopWindow
GetDlgItem
GetSysColor
SetWindowTextW
SendMessageA
GetDC
GetWindowTextW
EnableWindow
LoadIconA
RemoveMenu

gdi32

GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
PatBlt
CreateRectRgnIndirect
SetRectRgn
CombineRgn
StretchDIBits
GetCharWidthA
CopyMetaFileA
GetTextColor
GetBkColor
EnumFontFamiliesExA
CreateRectRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
RestoreDC
SaveDC
CreateBitmap
GetClipBox
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
CreateFontIndirectW
GetMapMode
SetMapMode
LPtoDP
DPtoLP
GetTextMetricsA
CreateCompatibleBitmap
DeleteObject
SelectObject
StretchBlt
BitBlt
DeleteDC
GetStockObject
CreateCompatibleDC
GetDIBits
CreateDIBSection
GetObjectA
CreateFontIndirectA
TranslateCharsetInfo
CreateSolidBrush
GetTextExtentPoint32W
GetTextExtentPoint32A
GetDeviceCaps
Escape
CreateDIBitmap
GetTextExtentPointA
CreateFontA

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
RegCreateKeyExW
GetUserNameW
RegLoadKeyA
RegRestoreKeyA
GetUserNameA
RegSaveKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCloseKey
RegEnumKeyW
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Add
ImageList_Remove
ord17
ord8
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_Draw
ImageList_DragEnter
ImageList_GetIcon
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 972KB - Virtual size: 971KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87e9bcd1ada86298e2ed9176908aadfb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

6c:e5:d9:38:3c:92:d2:98:b2:80:8b:2d:1c:48:b2:0a:66:e5:58:32:9f:52:71:ec:96:9a:41:ac:32:55:6a:f5Signer

b3:f9:c8:ad:90:be:35:9a:71:80:74:97:40:62:7b:27:c9:c7:d7:99Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

comctl32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 448KB - Virtual size: 445KB

.data Size: 204KB - Virtual size: 224KB

.rsrc Size: 972KB - Virtual size: 971KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

6c:e5:d9:38:3c:92:d2:98:b2:80:8b:2d:1c:48:b2:0a:66:e5:58:32:9f:52:71:ec:96:9a:41:ac:32:55:6a:f5
Signer

b3:f9:c8:ad:90:be:35:9a:71:80:74:97:40:62:7b:27:c9:c7:d7:99
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 448KB - Virtual size: 445KB

.data
Size: 204KB - Virtual size: 224KB

.rsrc
Size: 972KB - Virtual size: 971KB