2024-04-26_5c96e7e61e4dbcfd20f2ba23c340b14f_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-26_5c96e7e61e4dbcfd20f2ba23c340b14f_icedid
Size

11.9MB
MD5

5c96e7e61e4dbcfd20f2ba23c340b14f
SHA1

b39f06938f9d7b24bcae5848ad24cd22c1dcc237
SHA256

d5414e443f76961721f90987b1963694b215e35b61cec675b71bc527c412eea5
SHA512

4130f52a7eaf637cf2662612dc4eae16bc879be5b826d21766febc722c192fa6977cad1a334e500babef1cb1acaf36577d17bb9cdb380552c09bc2b097af97be
SSDEEP

196608:WlQcH3afM1L6V4gggygggDXgggCgggcggggggPgggCgggUXgggegggtggggtgggp:WhXgMgggygggDXgggCgggcggggggPggx

Score

10^/10

Malware Config

Signatures

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

Detects executables referencing many email and collaboration clients. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

Detects executables referencing many file transfer clients. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients

Files

2024-04-26_5c96e7e61e4dbcfd20f2ba23c340b14f_icedid
.exe windows:6 windows x86 arch:x86

b1eb32aed3ed24d12d33c794f5e1fad9

Code Sign

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV E36,O=Sectigo Limited,C=GB

Not Before

05/01/2024, 00:00

Not After

04/01/2027, 23:59

Subject

SERIALNUMBER=064194,CN=Xenarmor Global Security Solutions Private Limited,O=Xenarmor Global Security Solutions Private Limited,ST=Karnataka,C=IN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302494e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:d8:5b:2e:4b:30:38:57:44:f0:97:e1:46:f7:30:3f:9a:ca:cd:c6:d1:ce:e7:5a:7b:db:29:9b:3f:a9:ed:dd
Signer

Actual PE Digest

a2:d8:5b:2e:4b:30:38:57:44:f0:97:e1:46:f7:30:3f:9a:ca:cd:c6:d1:ce:e7:5a:7b:db:29:9b:3f:a9:ed:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\windows\XenArmorAllInOnePasswordRecoveryPro\Release\AllInOnePasswordRecoveryPro.pdb

Imports

kernel32

GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
LCMapStringW
CompareStringW
GetStdHandle
SetEnvironmentVariableW
HeapQueryInformation
GetCommandLineW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
RtlUnwind
QueryPerformanceFrequency
GetStringTypeW
RaiseException
FreeEnvironmentStringsW
WriteConsoleW
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetLogicalDrives
Process32First
GetCurrentProcess
GetDriveTypeA
FindResourceA
GetModuleHandleA
GetSystemWindowsDirectoryA
CreateToolhelp32Snapshot
GetFileAttributesA
LoadLibraryA
GetVersionExA
LockResource
GlobalAlloc
Process32Next
CloseHandle
LoadResource
GetProcAddress
GlobalLock
VerSetConditionMask
WideCharToMultiByte
lstrcmpiA
VerifyVersionInfoW
CreateProcessA
GlobalUnlock
MultiByteToWideChar
lstrcpynA
FreeLibrary
GetModuleFileNameA
SizeofResource
FindResourceW
ReadFile
FindFirstFileA
FindNextFileA
InitializeCriticalSectionAndSpinCount
FindClose
GetVolumeInformationA
GetStartupInfoW
WaitForSingleObject
UnmapViewOfFile
OpenProcess
GetCommandLineA
Sleep
GetTempPathA
GetTickCount64
CopyFileA
CreateFileA
DeleteFileA
CreateThread
GetWindowsDirectoryA
GetLocalTime
CreateFileMappingA
LocalFree
GetFileSize
ExitProcess
GetComputerNameExA
MapViewOfFile
GetPrivateProfileStringA
GetFileAttributesExA
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
SetDllDirectoryA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
GetCurrentThreadId
HeapValidate
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileW
GetSystemInfo
LoadLibraryW
HeapCompact
UnlockFile
LockFileEx
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetFileTime
GetCurrentDirectoryA
DuplicateHandle
GetFileType
CreateDirectoryA
DosDateTimeToFileTime
GlobalSize
GlobalFree
MulDiv
SetLastError
EncodePointer
GetSystemDirectoryW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
lstrcmpA
GetPrivateProfileIntA
WritePrivateProfileStringA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetThreadLocale
GetACP
lstrcpyA
VerifyVersionInfoA
FindResourceExW
SetErrorMode
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
SearchPathA
GetProfileIntA
GetTempFileNameA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
HeapFree

user32

CopyImage
GetSysColorBrush
IntersectRect
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
GetSystemMetrics
MapDialogRect
SetWindowContextHelpId
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
CheckMenuItem
FillRect
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
GetAsyncKeyState
DeleteMenu
SetTimer
DefMDIChildProcA
UnregisterClassA
SetClipboardData
GetSysColor
EmptyClipboard
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
UnhookWindowsHookEx
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
InflateRect
PostMessageA
GetIconInfo
KillTimer
WaitMessage
LoadCursorW
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
IsRectEmpty
MessageBeep
TrackMouseEvent
LoadImageW
SetLayeredWindowAttributes
EnumDisplayMonitors
IsZoomed
SetWindowRgn
WindowFromPoint
OffsetRect
GetCapture
DestroyIcon
ClientToScreen
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
RealChildWindowFromPoint
CloseClipboard
OpenClipboard
EnableWindow
SendMessageA
LoadImageA
GetCursorPos
ReleaseDC
InvalidateRect
UpdateWindow
EnableMenuItem
GetClientRect
AppendMenuA
LoadIconA
LoadIconW
LoadBitmapW
RegisterHotKey
GetActiveWindow
GetSubMenu
SetMenuItemBitmaps
IsWindowVisible
GetDC
GetWindowRect
LoadMenuW
UnregisterHotKey
GetSystemMenu
ReleaseCapture
PtInRect
GetParent
SetCursor
SetCapture
SetWindowLongA
RedrawWindow
DefFrameProcA
LoadCursorA
DrawStateA
DrawEdge
GetNextDlgGroupItem
TranslateMDISysAccel
SubtractRect
SetRectEmpty
GetWindowLongA
CreateMenu
DestroyCursor
GetWindowRgn
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
GetDoubleClickTime
MapVirtualKeyExA
IsCharLowerA
GetComboBoxInfo
PostThreadMessageA
ModifyMenuA
CharUpperBuffA
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
DrawIcon
FrameRect
CopyIcon
SetCursorPos
DrawFrameControl
SetParent
SetClassLongA
InvertRect
HideCaret
DrawIconEx
DrawFocusRect
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
MonitorFromPoint

gdi32

GetTextFaceA
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
RoundRect
Rectangle
OffsetRgn
LPtoDP
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
SetDIBColorTable
SetPixel
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExA
CreateDIBSection
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
GetRgnBox
GetTextColor
GetBkColor
GetTextMetricsA
DPtoLP
SetRectRgn
GetMapMode
CombineRgn
GetTextExtentPoint32A
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
PatBlt
CreateRectRgnIndirect
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
CopyMetaFileA
BitBlt
SelectObject
SetDIBitsToDevice
SetStretchBltMode
CreateFontIndirectA
CreateCompatibleBitmap
CreateFontA
CreateCompatibleDC
StretchBlt
GetStockObject
GetObjectA
DeleteObject
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

CryptGetHashParam
CryptImportKey
CryptSetKeyParam
RegOpenKeyExA
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RevertToSelf
CredEnumerateA
CredFree
CryptDeriveKey
ImpersonateLoggedOnUser
RegEnumValueA
RegEnumKeyExA
CryptDestroyKey
AdjustTokenPrivileges
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
LookupPrivilegeValueA
GetUserNameA
CryptDecrypt
LookupAccountNameA
CryptReleaseContext

shell32

ShellExecuteA
SHGetFolderPathA
ord165
DragAcceptFiles
DragQueryFileA
SHAppBarMessage
SHGetDesktopFolder
DragFinish
SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

ImageList_ReplaceIcon
ImageList_Draw
_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathFindExtensionA

uxtheme

IsAppThemed
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
GetThemePartSize

ole32

OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoRegisterMessageFilter
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitializeEx
CLSIDFromProgID
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject

oleaut32

VariantInit
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SysAllocStringLen
SafeArrayDestroy
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
SysAllocStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantTimeToSystemTime

oledlg

ord8

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

userenv

ExpandEnvironmentStringsForUserA

crypt32

CryptUnprotectData

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 483KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1eb32aed3ed24d12d33c794f5e1fad9

Code Sign

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a2:d8:5b:2e:4b:30:38:57:44:f0:97:e1:46:f7:30:3f:9a:ca:cd:c6:d1:ce:e7:5a:7b:db:29:9b:3f:a9:ed:ddSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

userenv

crypt32

oleacc

imm32

winmm

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 483KB - Virtual size: 482KB

.data Size: 96KB - Virtual size: 181KB

.rsrc Size: 8.7MB - Virtual size: 8.7MB

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a2:d8:5b:2e:4b:30:38:57:44:f0:97:e1:46:f7:30:3f:9a:ca:cd:c6:d1:ce:e7:5a:7b:db:29:9b:3f:a9:ed:dd
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 483KB - Virtual size: 482KB

.data
Size: 96KB - Virtual size: 181KB

.rsrc
Size: 8.7MB - Virtual size: 8.7MB