2024-03-05_dfa8098c44a11546c5c5e61bc4eb18ad_icedid_sliver

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-05_dfa8098c44a11546c5c5e61bc4eb18ad_icedid_sliver
Size

52.2MB
MD5

dfa8098c44a11546c5c5e61bc4eb18ad
SHA1

8b3bc42bbcbe529d12e71858ddbdf5d2ea077706
SHA256

dae1b506aca2d2aa4a5dad42f42ab7dbc187e7b2f2e653505da1f3739deacf1e
SHA512

65890b2f8aa2532e187736ecdf0d87890c40e856ccbab36cfda16ce475c7412c4f70de42abb72904f0654ee273e58aa17f734ad123fce43b86e4fa20fe2df829
SSDEEP

786432:BWUJcrdhxcWNwBfHqofLsymqnGJBgfy2x9b1PTqSw2IL80MAgcbjqrvjplw/PgH:BW4crZ5afc+GK9b1PXy1f0Hw/PgH

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

2024-03-05_dfa8098c44a11546c5c5e61bc4eb18ad_icedid_sliver
.exe windows:5 windows x86 arch:x86

0b11a76e5ca6e8d34241bd3628d4639b

Code Sign

0c:7e:ec:c8:c5:e1:d1:fb:52:92:56:a2:d3:10:f0:71
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/11/2022, 00:00

Not After

07/01/2025, 23:59

Subject

CN=Splashtop Inc.,O=Splashtop Inc.,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9b:a6:95:96:62:a1:56:1a:6e:87:2b:dd:97:8e:58:42:72:ea:9b:69:2c:cb:d8:9a:bf:d2:c3:54:20:5c:c3:f6
Signer

Actual PE Digest

9b:a6:95:96:62:a1:56:1a:6e:87:2b:dd:97:8e:58:42:72:ea:9b:69:2c:cb:d8:9a:bf:d2:c3:54:20:5c:c3:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\slave\workspace\GIT_WIN_SRS_Formal\Source\irisserver\Release\SRUnPackFile.pdb

Imports

kernel32

GetStartupInfoW
HeapAlloc
HeapFree
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetTickCount
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
SetErrorMode
lstrlenA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CompareStringW
InterlockedDecrement
InterlockedIncrement
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
lstrcmpW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GlobalLock
GlobalUnlock
FormatMessageW
DeleteFileW
DeviceIoControl
FindClose
QueryPerformanceCounter
GlobalFree
GlobalAlloc
FindNextFileW
GetFileAttributesW
FindFirstFileW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteFile
TerminateProcess
GetCurrentProcess
LocalFree
SetLastError
GetCurrentThreadId
ReadFile
CreateFileW
GetModuleFileNameW
GetModuleHandleW
OpenProcess
GetExitCodeProcess
GetProcessId
GetSystemWindowsDirectoryW
GetCommandLineW
GetSystemDirectoryW
SetDllDirectoryW
GetLastError
CreateMutexW
GetLocalTime
GetSystemTime
MultiByteToWideChar
GetDiskFreeSpaceExW
RemoveDirectoryW
SetCurrentDirectoryW
Sleep
GetTempPathW
CreateThread
WaitForSingleObject
WideCharToMultiByte
GetCurrentProcessId
ProcessIdToSessionId
lstrlenW
OutputDebugStringW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCPInfo
CloseHandle

user32

DestroyMenu
UnregisterClassW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetDlgCtrlID
SetWindowTextW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetCapture
ClientToScreen
UnhookWindowsHookEx
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
MessageBoxW
GetWindowThreadProcessId
GetWindowTextW
IsWindowVisible
GetClassNameW
ShowWindow
GetForegroundWindow
SetCursor
LoadCursorW
GetWindow
GetWindowPlacement
GetWindowRect
PtInRect
PostMessageW
CharUpperW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
SetForegroundWindow
GetClassInfoExW

gdi32

TextOutW
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutW

comdlg32

GetFileTitleW

advapi32

RegQueryValueW
RegOpenKeyW
OpenProcessToken
DuplicateTokenEx
RegSetValueExW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
RegCloseKey
RegOpenCurrentUser
RevertToSelf
ImpersonateLoggedOnUser

shell32

SHGetFolderPathW
ShellExecuteExW
SHCreateDirectoryExW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b11a76e5ca6e8d34241bd3628d4639b

Code Sign

0c:7e:ec:c8:c5:e1:d1:fb:52:92:56:a2:d3:10:f0:71Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

9b:a6:95:96:62:a1:56:1a:6e:87:2b:dd:97:8e:58:42:72:ea:9b:69:2c:cb:d8:9a:bf:d2:c3:54:20:5c:c3:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

shlwapi

oleaut32

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 182KB - Virtual size: 182KB

0c:7e:ec:c8:c5:e1:d1:fb:52:92:56:a2:d3:10:f0:71
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

9b:a6:95:96:62:a1:56:1a:6e:87:2b:dd:97:8e:58:42:72:ea:9b:69:2c:cb:d8:9a:bf:d2:c3:54:20:5c:c3:f6
Signer

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 182KB - Virtual size: 182KB