2024-04-30_3b446deb6aee2ca342272b205ab2129a_floxif_icedid_necurs_skypams

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-30_3b446deb6aee2ca342272b205ab2129a_floxif_icedid_necurs_skypams
Size

13.5MB
MD5

3b446deb6aee2ca342272b205ab2129a
SHA1

b903eefde41ec5569cde56e1099f658a46742bc6
SHA256

74ece3247e0ac394e26c862fa2000a05e34ecf0316561e4acfc087ee230adf8c
SHA512

21ce4ef2328cc4344481eda62957a7e762f80bedea27adfb8444f3d90ddf636813f0f83bdf2e6b07616dfdace00e8b6ab6d99fc8d5f4541f5351d53192408ba9
SSDEEP

196608:2P+2TT3YcZjgVJ5Fzht2f5JuIG371/P50bczzr4oESybtxnpC3FXtqV9+C81zSwl:k+2/X1xnpOaYsF1aH06

Score

10^/10

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-30_3b446deb6aee2ca342272b205ab2129a_floxif_icedid_necurs_skypams

Files

2024-04-30_3b446deb6aee2ca342272b205ab2129a_floxif_icedid_necurs_skypams
.exe windows:5 windows x86 arch:x86

3b4fdda4c1ff98b952839d52cf80adfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\ob\bora-14449759\vos3\thinstall\modules\boot_loader.pdb

Imports

kernel32

WaitForSingleObject
Sleep
CloseHandle
DuplicateHandle
CreateProcessW
GetStartupInfoW
GetEnvironmentVariableW
GetCurrentProcess
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
MoveFileExW
SetEnvironmentVariableW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
GetLastError
ExpandEnvironmentStringsW
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
WriteFile
LeaveCriticalSection
EnterCriticalSection
HeapSize
VirtualQuery
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
DecodePointer
EncodePointer
RaiseException
RtlUnwind
GetCommandLineA
LoadLibraryW
GetProcAddress
GetCurrentThreadId
ExitProcess
FormatMessageW
SetLastError
LocalFree
LoadLibraryExW

user32

wsprintfW
MessageBoxW

ntdll

RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlFreeSid
RtlCreateAcl
RtlLengthSid
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
NtReadVirtualMemory
NtSetInformationProcess
NtRaiseHardError
NtTerminateProcess
RtlFreeHeap
RtlAllocateHeap
RtlRaiseException
NtReleaseMutant
NtCreateMutant
NtSetEvent
NtOpenEvent
NtQueryVirtualMemory
NtSetInformationFile
NtQueryDirectoryFile
NtClearEvent
NtCreateEvent
LdrUnloadDll
NtWriteVirtualMemory
NtReadFile
NtQueryFullAttributesFile
NtQueryInformationFile
NtOpenFile
NtMapViewOfSection
NtCreateSection
RtlMultiByteToUnicodeN
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
RtlCompareUnicodeString
RtlInitAnsiString
NtAllocateVirtualMemory
RtlGetVersion
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
NtDuplicateObject
NtWaitForSingleObject
LdrGetDllHandle
NtDelayExecution
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
NtOpenDirectoryObject
RtlInitUnicodeString
NtQuerySystemInformation
NtQueryInformationProcess
NtOpenSection
NtProtectVirtualMemory
NtUnmapViewOfSection
NtClose
RtlNtStatusToDosError
LdrLoadDll
RtlAddAccessAllowedAce

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b4fdda4c1ff98b952839d52cf80adfa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ntdll

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 153KB - Virtual size: 160KB

.rsrc Size: 116KB - Virtual size: 115KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 153KB - Virtual size: 160KB

.rsrc
Size: 116KB - Virtual size: 115KB