2024-06-28_a0e36bf7ec2355d9304df551bec2d7be_icedid_magniber_sakula

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-28_a0e36bf7ec2355d9304df551bec2d7be_icedid_magniber_sakula
Size

22.3MB
MD5

a0e36bf7ec2355d9304df551bec2d7be
SHA1

2eb26ce2a1e7fd960ac7dba1ff78532c777185a9
SHA256

265f1f7884fc6083db657935c195b59b184805f9acac04309023a3576f292fa4
SHA512

fc9a76b2ec655222d8b8e8bddb89909f7a2dce313a832aa8b1e85193dc29d8ea14504f7cfcb6671ca9b48d82d55faacb4e09340ba60182394dbebb517f12e2aa
SSDEEP

393216:nnSvCEJi1BEmEC0QuImhIKjWcgjB8IU7oKrZAQMu4G+56d0jSBufcOIlXESZ8mFl:nsCEJi1BEnvQu7vja8IDKrZMu4GwjSBP

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Files

2024-06-28_a0e36bf7ec2355d9304df551bec2d7be_icedid_magniber_sakula
.exe windows:4 windows x86 arch:x86

0f5bf06aa5bed881c4b346238d906df5

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:89:74:53:03:9c:1a:54:55:c7:eb:49:28:5a:83:8d:6b:b6:8c:2a:07:24:b3:73:fb:41:44:59:b9:f0:44:56
Signer

Actual PE Digest

23:89:74:53:03:9c:1a:54:55:c7:eb:49:28:5a:83:8d:6b:b6:8c:2a:07:24:b3:73:fb:41:44:59:b9:f0:44:56

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame
AVIStreamInfoA

winmm

waveOutPrepareHeader
PlaySoundA
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutRestart
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
waveOutUnprepareHeader
midiOutPrepareHeader

ws2_32

inet_ntoa
WSACleanup
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
recv
getpeername
accept
ntohl

kernel32

TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
GetTempFileNameA
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsDBCSLeadByte
GlobalDeleteAtom
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
SuspendThread
TerminateThread
ReleaseMutex
CreateMutexA
GetVersion
GetTimeZoneInformation
SetLastError
GlobalHandle
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
TlsAlloc
LocalAlloc
GlobalFindAtomA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
MoveFileA
DeleteFileA
CopyFileA
CreateDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
GlobalGetAtomNameA
GlobalAddAtomA
InterlockedExchange
GetProfileIntA
FindResourceExA
lstrcpyW
lstrcmpA

user32

GetTabbedTextExtentA
wvsprintfA
ShowOwnedPopups
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
HideCaret
GetSysColorBrush
GetWindowTextA
GetDlgItem
FindWindowA
keybd_event
GetClassNameA
GetDesktopWindow
VkKeyScanExA
GetKeyboardLayout
GetNextDlgTabItem
UnionRect
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
LoadStringA
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
InvertRect
InsertMenuA
GetMenuStringA
RemoveMenu
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
ClipCursor
DestroyCaret
ShowCaret
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
LockWindowUpdate
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
GetAsyncKeyState
MapDialogRect
InSendMessage
UnregisterClassA
GetDCEx
GetCaretPos
SetCaretPos
CreateCaret
GetDlgCtrlID

gdi32

BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
EndPath
PolyBezierTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
GetTextMetricsA
GetMapMode
SetRectRgn
GetCharWidthA
CopyMetaFileA
AbortDoc
SetAbortProc
EnumFontFamiliesA
CreateICA
PtInRegion
RectInRegion
CreateEllipticRgnIndirect
Polyline
DeleteEnhMetaFile
SetWinMetaFileBits
PlayEnhMetaFile
SetEnhMetaFileBits
GetEnhMetaFileBits
FrameRgn
CloseFigure
GetPath
StrokeAndFillPath
OffsetRgn
SetPolyFillMode
RestoreDC
SaveDC
PathToRegion
CreateEllipticRgn
DeleteMetaFile
CloseMetaFile
GetTextAlign
GetNearestColor
GetTextFaceA
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBrushIndirect
CreateHatchBrush
CreateBitmap
GetDeviceCaps
GetTextExtentPoint32A
Polygon
Arc
Chord
Pie
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
SetPixelV
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreatePatternBrush
EnumFontFamiliesExA
CreateFontA
SetDIBitsToDevice
StretchDIBits
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
SetROP2

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetOpenFileNameA
CommDlgExtendedError
ChooseFontA
ChooseColorA
GetSaveFileNameA
PrintDlgA
GetFileTitleA

advapi32

RegQueryValueExA
RegOpenKeyExA
GetFileSecurityA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
SetFileSecurityA
RegOpenKeyA
RegSetValueA
RegCreateKeyExA
RegCloseKey

shell32

DragQueryFileA
Shell_NotifyIconA
ExtractIconA
DragFinish
SHGetFileInfoA
ShellExecuteA

ole32

OleSetMenuDescriptor
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoUninitialize
CoInitialize
CoGetClassObject
OleSetClipboard
CreateFileMoniker
CoLockObjectExternal
OleQueryCreateFromData
OleGetClipboard
CreateGenericComposite
CreateItemMoniker
OleSaveToStream
WriteClassStm
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSave
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateFromData
OleSetContainedObject
OleLockRunning
OleRun
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CoDisconnectObject
OleIsRunning
OleLoad
OleConvertOLESTREAMToIStorage
OleGetIconOfClass

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
UnRegisterTypeLi
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
SafeArrayPutElement

odbc32

ord18
ord44
ord3
ord54
ord68
ord72
ord4
ord48
ord49
ord20
ord17
ord59
ord8
ord19
ord46
ord12
ord43
ord41
ord2
ord1
ord50
ord45
ord51
ord15
ord9
ord14
ord11
ord13
ord16
ord5
ord10

comctl32

DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Read
ImageList_Duplicate

wininet

InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FtpGetFileA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

imm32

ImmGetContext
ImmGetCompositionStringA
ImmNotifyIME
ImmReleaseContext
ImmSetCompositionWindow

wldap32

ord29

oledlg

ord11
ord4
ord3

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20.0MB - Virtual size: 20.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f5bf06aa5bed881c4b346238d906df5

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

23:89:74:53:03:9c:1a:54:55:c7:eb:49:28:5a:83:8d:6b:b6:8c:2a:07:24:b3:73:fb:41:44:59:b9:f0:44:56Signer

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

wininet

imm32

wldap32

oledlg

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 20.0MB - Virtual size: 20.0MB

.data Size: 164KB - Virtual size: 519KB

.rsrc Size: 152KB - Virtual size: 148KB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

23:89:74:53:03:9c:1a:54:55:c7:eb:49:28:5a:83:8d:6b:b6:8c:2a:07:24:b3:73:fb:41:44:59:b9:f0:44:56
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 20.0MB - Virtual size: 20.0MB

.data
Size: 164KB - Virtual size: 519KB

.rsrc
Size: 152KB - Virtual size: 148KB