icedid | 1744-54-0x0000000000020000-0x0000000000028000-memory[.]dmp | Triage

Sharing

General

Target

1744-54-0x0000000000020000-0x0000000000028000-memory.dmp
Size

32KB
MD5

c10af6de0ec3533c2b6d4bb1d0a21697
SHA1

a123c59da9b7cb797bf37f270fc43665b971160c
SHA256

81dcb7beee9ad8f27a9f0812639474ee3bffc664c7024e915a3a77cf3b02cdf1
SHA512

37002f6c811698f9250b26aa1fb06235209a222abeaf4c67cb23db39134f786f2f55db82071bdf789af512aae9244f4aaa511ea82ff32429f410d2a33b7b3c43
SSDEEP

192:caBnU7ThdZzpk4EJmxQQTHGKZFTkUV2U+A5+ZrCi5+o8xf+rsI:caBUn3Zz6mxQNqNVH+A5+ZrCigf+rsI

Score

10^/10

loader 4133971563 icedid

Malware Config

Extracted

Family

icedid

Campaign

4133971563

C2

tadernost.com

Signatures

Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1744-54-0x0000000000020000-0x0000000000028000-memory.dmp

Files

1744-54-0x0000000000020000-0x0000000000028000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.c
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE