icedid | 1744-54-0x0000000000020000-0x0000000000028000-memory[.]dmp | Triage

Sharing

General

Target

1744-54-0x0000000000020000-0x0000000000028000-memory.dmp
Size

32KB
MD5

dd98c5c7e0a1f287a9d9a576ae474634
SHA1

39849ddc93d78243a6c5bc228cb72dabe631e96b
SHA256

1f7e998f98158e2d3955f0a945315f0bbac63a754a17692bc33165a722bce04d
SHA512

52013771c6fc558e2ce378bcd85f180aa98c80f0a6cd979834239c37b1fc4d679e29b6150e93e6ce7ec0d5a9844f36961eee8517a28b8d6dd44844d742fc6440
SSDEEP

192:caBnU7ThdZzpk4EJmxQQTHGKZFTkUV2U+A5+ZrCi598xf+rs:caBUn3Zz6mxQNqNVH+A5+ZrCiif+rs

Score

10^/10

loader 2316871781 icedid

Malware Config

Extracted

Family

icedid

Campaign

2316871781

C2

hloyagorepa.com

Signatures

Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1744-54-0x0000000000020000-0x0000000000028000-memory.dmp

Files

1744-54-0x0000000000020000-0x0000000000028000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.c
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE