Behavioral task
behavioral1
Sample
c8e0e04fc971f4630e94c375e40659c4.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c8e0e04fc971f4630e94c375e40659c4.exe
Resource
win10v2004-20240226-en
General
-
Target
c8e0e04fc971f4630e94c375e40659c4
-
Size
5KB
-
MD5
c8e0e04fc971f4630e94c375e40659c4
-
SHA1
280644f3b8ee0462bdb5cf95f0cfdf8416ac6702
-
SHA256
a666237b17b8b01395211b3af5bccd2926fc2ae745261c17e5471a35f57d13f8
-
SHA512
c38d2c3cd7cdc360cad70fb9d0e5aca423b9245e09d810624ed9c0ae0ec0e13935bcc1465def243e3b9cb83cb7070aabe0104d616aecdb1c30c9c7190f4b0d7b
-
SSDEEP
96:MMqEESUUhDYXAybZACN3fICtECLi0/r3mvuHg:MMqr7UhcXAybZBrWwjM
Malware Config
Extracted
icedid
507327483
boldidiotruss.xyz
nizaoplov.xyz
153ishak.best
ilu21plane.xyz
-
auth_var
2
-
url_path
/index.php
Signatures
Files
-
c8e0e04fc971f4630e94c375e40659c4.exe windows:5 windows x86 arch:x86
0e18f33408be6e4cb217f0266066c51c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
GetUserNameA
shell32
SHGetFolderPathA
kernel32
lstrcpyA
ExitProcess
CreateDirectoryA
lstrcatA
Sleep
lstrlenA
ReadFile
HeapFree
WriteFile
CreateFileA
CloseHandle
HeapAlloc
GetFileSize
GetProcessHeap
GetModuleFileNameA
VirtualProtect
VirtualAlloc
HeapReAlloc
winhttp
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpReadData
user32
wsprintfA
wsprintfW
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ