2024-04-26_7b72f33101ee6b93cee239acf5ae493f_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-26_7b72f33101ee6b93cee239acf5ae493f_icedid
Size

11.0MB
MD5

7b72f33101ee6b93cee239acf5ae493f
SHA1

d478374b09aa875dd58364640909c0452633fdce
SHA256

3046398a928ef23acfa036daaa8ea7974f2a8495ee89cd35ccca0dc68208f4ea
SHA512

100a18ef173904e242be05b0f5b2c8c8a2c870fb90e986a74b21b96c1fb991f0d491e7389184c4809354feb1604f421b62b3c72757c2c0ca74773873bb74c4a6
SSDEEP

196608:fzX6oEeQ//CXgggxgggFggg1gggYgggghgggygggDXgggCgggcggggggPgggCggZ:rqIXgggxgggFggg1gggYgggghgggygga

Score

10^/10

Malware Config

Signatures

Detects executables referencing many file transfer clients. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients

Files

2024-04-26_7b72f33101ee6b93cee239acf5ae493f_icedid
.exe windows:6 windows x86 arch:x86

8325d2953620d6c7480b9da85866983a

Code Sign

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV E36,O=Sectigo Limited,C=GB

Not Before

05/01/2024, 00:00

Not After

04/01/2027, 23:59

Subject

SERIALNUMBER=064194,CN=Xenarmor Global Security Solutions Private Limited,O=Xenarmor Global Security Solutions Private Limited,ST=Karnataka,C=IN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302494e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:01:80:3b:37:a8:63:8f:27:77:dc:7e:56:f2:1c:89:72:b7:c2:80:82:11:03:d1:05:18:0f:5e:28:5d:93:76
Signer

Actual PE Digest

c9:01:80:3b:37:a8:63:8f:27:77:dc:7e:56:f2:1c:89:72:b7:c2:80:82:11:03:d1:05:18:0f:5e:28:5d:93:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\windows\XenArmorFTPPasswordRecoveryPro\Release\FTPPasswordRecoveryPro.pdb

Imports

kernel32

SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
LCMapStringW
CompareStringW
GetStdHandle
IsProcessorFeaturePresent
HeapQueryInformation
GetCommandLineW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
QueryPerformanceFrequency
GetStringTypeW
RaiseException
WriteConsoleW
InitializeSListHead
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetTempFileNameA
GetProfileIntA
SearchPathA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
SetErrorMode
FindResourceExW
VerifyVersionInfoA
lstrcpyA
GetACP
GetThreadLocale
FileTimeToSystemTime
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
IsDebuggerPresent
TlsSetValue
TlsGetValue
TlsAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
SetEvent
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetSystemDirectoryW
EncodePointer
SetLastError
MulDiv
GlobalFree
GlobalSize
GetFileType
DuplicateHandle
GetCurrentDirectoryA
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentProcessId
LockFileEx
UnlockFile
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileW
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
FormatMessageW
HeapValidate
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapCreate
TryEnterCriticalSection
AreFileApisANSI
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileAttributesExA
MapViewOfFile
ExitProcess
GetFileSize
LocalFree
CreateFileMappingA
GetLocalTime
GetWindowsDirectoryA
DeleteFileA
CreateFileA
CopyFileA
GetTickCount64
GetTempPathA
Sleep
GetCommandLineA
UnmapViewOfFile
GetVolumeInformationA
FindClose
InitializeCriticalSectionAndSpinCount
FindNextFileA
FindFirstFileA
ReadFile
FindResourceW
SizeofResource
GetModuleFileNameA
FreeLibrary
lstrcpynA
MultiByteToWideChar
GlobalUnlock
CreateProcessA
VerifyVersionInfoW
lstrcmpiA
WideCharToMultiByte
VerSetConditionMask
GlobalLock
GetProcAddress
LoadResource
CloseHandle
GlobalAlloc
LockResource
GetVersionExA
LoadLibraryA
GetFileAttributesA
GetSystemWindowsDirectoryA
GetModuleHandleA
FindResourceA
GetDriveTypeA
GetCurrentProcess
GetLogicalDrives
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
HeapFree

user32

KillTimer
SetTimer
DeleteMenu
GetAsyncKeyState
RealChildWindowFromPoint
CopyImage
GetSysColorBrush
IntersectRect
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
GetSystemMetrics
MapDialogRect
SetWindowContextHelpId
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
CheckMenuItem
FillRect
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
WaitMessage
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
TranslateAcceleratorA
GetMenu
LoadMenuA
InsertMenuItemA
UnregisterClassA
SetClipboardData
GetSysColor
EmptyClipboard
CloseClipboard
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
UnhookWindowsHookEx
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
InflateRect
PostMessageA
LoadCursorW
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
IsRectEmpty
MessageBeep
TrackMouseEvent
LoadImageW
SetLayeredWindowAttributes
EnumDisplayMonitors
IsZoomed
SetWindowRgn
NotifyWinEvent
CreatePopupMenu
GetIconInfo
WindowFromPoint
OffsetRect
GetCapture
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
BringWindowToTop
GetWindowTextA
OpenClipboard
EnableWindow
SendMessageA
LoadImageA
GetCursorPos
ReleaseDC
InvalidateRect
UpdateWindow
EnableMenuItem
GetClientRect
AppendMenuA
LoadIconA
LoadIconW
LoadBitmapW
RegisterHotKey
GetActiveWindow
GetSubMenu
SetMenuItemBitmaps
IsWindowVisible
GetDC
GetWindowRect
LoadMenuW
UnregisterHotKey
GetSystemMenu
ReleaseCapture
PtInRect
GetParent
SetCursor
SetCapture
SetWindowLongA
RedrawWindow
LoadCursorA
DrawStateA
DrawEdge
GetNextDlgGroupItem
SetRectEmpty
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatA
DrawFocusRect
GetWindowLongA
ClientToScreen
LoadAcceleratorsA
DrawIconEx
HideCaret
InvertRect
SetClassLongA
SetParent
DrawFrameControl
SetCursorPos
CopyIcon
FrameRect
DrawIcon
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
LockWindowUpdate
CharUpperBuffA
ModifyMenuA
PostThreadMessageA
GetComboBoxInfo
IsCharLowerA
MapVirtualKeyExA
GetDoubleClickTime
GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
SetMenu
IsClipboardFormatAvailable

gdi32

SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
CreateDIBitmap
RestoreDC
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
SetPixel
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
LPtoDP
OffsetRgn
Rectangle
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceA
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
PatBlt
CreateRectRgnIndirect
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
CopyMetaFileA
BitBlt
SelectObject
SetDIBitsToDevice
SetStretchBltMode
CreateFontIndirectA
CreateCompatibleBitmap
CreateFontA
CreateCompatibleDC
StretchBlt
GetStockObject
GetObjectA
DeleteObject
EnumFontFamiliesA
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CryptGetHashParam
CryptImportKey
CryptSetKeyParam
RegOpenKeyExA
OpenProcessToken
CryptDestroyHash
CryptHashData
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
CredEnumerateA
CredFree
CryptDeriveKey
RegEnumValueA
RegEnumKeyExA
CryptDestroyKey
AdjustTokenPrivileges
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
LookupPrivilegeValueA
GetUserNameA
CryptDecrypt
LookupAccountNameA
CryptCreateHash
CryptReleaseContext

shell32

SHGetFolderPathA
ord165
DragAcceptFiles
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragFinish
SHGetFileInfoA
ShellExecuteA

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw

shlwapi

PathFindExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathFindFileNameA

uxtheme

GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
IsAppThemed
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor

ole32

CreateStreamOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
SafeArrayDestroy
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
LoadTypeLi
SysAllocStringByteLen
VariantClear
SysFreeString
SysAllocStringLen
VariantInit

oledlg

ord8

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

crypt32

CryptUnprotectData

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8325d2953620d6c7480b9da85866983a

Code Sign

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c9:01:80:3b:37:a8:63:8f:27:77:dc:7e:56:f2:1c:89:72:b7:c2:80:82:11:03:d1:05:18:0f:5e:28:5d:93:76Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

crypt32

oleacc

imm32

winmm

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 432KB - Virtual size: 432KB

.data Size: 34KB - Virtual size: 117KB

.rsrc Size: 8.1MB - Virtual size: 8.1MB

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c9:01:80:3b:37:a8:63:8f:27:77:dc:7e:56:f2:1c:89:72:b7:c2:80:82:11:03:d1:05:18:0f:5e:28:5d:93:76
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 432KB - Virtual size: 432KB

.data
Size: 34KB - Virtual size: 117KB

.rsrc
Size: 8.1MB - Virtual size: 8.1MB