2024-02-23_07be2186f07ca80311eb0bc02a8e6b9b_hacktools_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_07be2186f07ca80311eb0bc02a8e6b9b_hacktools_icedid
Size

9.5MB
MD5

07be2186f07ca80311eb0bc02a8e6b9b
SHA1

7c63aae667df6f13b729f82ce6c7089a16d006bb
SHA256

9fe99dae9f7d71217b6d780e77fe44694ff30fe73ec15a23fa5fba1e19ca71bd
SHA512

8e87261dcd5dcb8524b744711590e8d4e1aeaa365934b0c3d4469757ab062defaf9a62220006718616b1e22a00bddfec80d8972d83ad5e469188362f38cf84c5
SSDEEP

98304:3g7OyXGu46KjZsxQd0Y4klfHTR0pFA49iHKTX88SGnS2/SY/Sf/SO/S9/S0/SJxh:YXM5OuH90pFAHqoxPS1greQ

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Files

2024-02-23_07be2186f07ca80311eb0bc02a8e6b9b_hacktools_icedid
.exe windows:4 windows x86 arch:x86

3dd36af0f82d769648c15f180ba07912

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/12/2022, 00:00

Not After

09/12/2025, 23:59

Subject

CN=盛趣信息技术（上海）有限公司,O=盛趣信息技术（上海）有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:0a:7a:a7:9a:a2:a0:49:17:1d:32:35:83:57:49:e4:e6:75:2e:39:2f:5e:1f:54:e2:83:1b:db:dd:9b:61:6a
Signer

Actual PE Digest

c6:0a:7a:a7:9a:a2:a0:49:17:1d:32:35:83:57:49:e4:e6:75:2e:39:2f:5e:1f:54:e2:83:1b:db:dd:9b:61:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
SHDeleteValueA

winmm

midiStreamStop
midiOutReset
midiStreamClose
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiStreamRestart
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA
waveOutRestart

ws2_32

WSACleanup
WSAStartup
gethostbyname
inet_ntoa
inet_addr
gethostname
recv
select
getpeername
accept
WSAGetLastError
__WSAFDIsSet
ntohs
getsockname
ntohl
send
connect
htons
bind
socket
recvfrom
listen
ioctlsocket
WSAAsyncSelect
closesocket

rasapi32

RasHangUpA
RasGetConnectStatusA

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame

kernel32

GetTimeZoneInformation
GetVersion
GetTempFileNameA
FileTimeToSystemTime
MapViewOfFile
CreateFileMappingA
LocalFree
TerminateThread
UnmapViewOfFile
FormatMessageA
DeleteFileW
GetModuleHandleW
CreateFileW
LoadLibraryW
GetTempPathW
GetVersionExW
VirtualAlloc
VirtualFree
Beep
CreateMutexA
SuspendThread
InterlockedIncrement
InterlockedDecrement
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
ExitThread
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadCodePtr
InterlockedExchange
SetLastError
GetSystemDirectoryA
LoadLibraryExA
GetWindowsDirectoryA
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateToolhelp32Snapshot
Process32First
Process32Next
IsBadReadPtr
MultiByteToWideChar
WideCharToMultiByte
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GetDriveTypeA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
DeleteFileA
CopyFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
ReleaseMutex

user32

CharNextA
SetWindowContextHelpId
MapDialogRect
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
EndPaint
BeginPaint
CharUpperA
GetWindowTextLengthA
GetNextDlgTabItem
GetMenuStringA
GetTabbedTextExtentA
DrawStateA
GrayStringA
TabbedTextOutA
WindowFromDC
EnumChildWindows
GetWindowDC
FrameRect
GetPropA
MoveWindow
CallWindowProcA
SetPropA
DrawTextA
GetCursor
CreateIconIndirect
GetIconInfo
CopyIcon
LoadStringA
UnhookWindowsHookEx
SetWindowsHookExA
UnregisterClassA
GetMenuItemCount
GetMenuItemID
GetMenuState
MessageBoxW
SetWindowTextA
GetForegroundWindow
GetWindowTextA
GetDlgItem
GetClassNameA
GetDesktopWindow
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
GetMenuCheckMarkDimensions
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
GetScrollPos
RegisterClassA
CreateWindowExA
GetClassLongA
CreateMenu
RemovePropA
SetFocus
SetRect
CallNextHookEx

gdi32

CreatePatternBrush
CreateBitmap
CreateHatchBrush
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
DeleteObject
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
SelectObject
GetObjectA
CreateEllipticRgn
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
PathToRegion
GetStockObject
CreateFontIndirectA
EndPage
EndPath
EndDoc
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetPixel
CreateDIBSection
CreateRectRgnIndirect
SetBkColor
FrameRgn
OffsetRgn
GetTextMetricsA
SetTextColor
LineTo
MoveToEx
SetBkMode
SetWindowOrgEx
SaveDC
DeleteDC
CreatePenIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetDIBitsToDevice
SetPolyFillMode
SetROP2
SetMapMode
GetSystemPaletteEntries
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
CreatePalette
ExtSelectClipRgn
GetViewportExtEx
GetMapMode
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
RestoreDC
GetDeviceCaps
CreateDIBitmap

msimg32

GradientFill

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegCreateKeyExA
GetUserNameA
RegGetKeySecurity
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHEmptyRecycleBinA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantTimeToSystemTime
VariantClear
VariantChangeType
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SafeArrayCreate
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
OleCreateFontIndirect
SysFreeString
SafeArrayGetElemsize
SysAllocStringByteLen
SysAllocStringLen
SysStringLen

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_Duplicate
ord17
ImageList_Destroy
ImageList_Create
ImageList_Read
ImageList_DrawIndirect
ImageList_GetImageCount

oledlg

ord8

wininet

InternetSetOptionA
InternetOpenA
InternetConnectA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
DeleteUrlCacheEntry

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dd36af0f82d769648c15f180ba07912

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:dbCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c6:0a:7a:a7:9a:a2:a0:49:17:1d:32:35:83:57:49:e4:e6:75:2e:39:2f:5e:1f:54:e2:83:1b:db:dd:9b:61:6aSigner

Headers

File Characteristics

Imports

shlwapi

winmm

ws2_32

rasapi32

msvfw32

avifil32

kernel32

user32

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 7.9MB - Virtual size: 7.9MB

.data Size: 152KB - Virtual size: 582KB

.rsrc Size: 296KB - Virtual size: 295KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:db
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c6:0a:7a:a7:9a:a2:a0:49:17:1d:32:35:83:57:49:e4:e6:75:2e:39:2f:5e:1f:54:e2:83:1b:db:dd:9b:61:6a
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 7.9MB - Virtual size: 7.9MB

.data
Size: 152KB - Virtual size: 582KB

.rsrc
Size: 296KB - Virtual size: 295KB