icedid | 202407025fbfaae172e308b46c85a3dd83600420icedid

General

Target

202407025fbfaae172e308b46c85a3dd83600420icedid
Size

14KB
MD5

5fbfaae172e308b46c85a3dd83600420
SHA1

86fabb3dec1d9429eaa805c44b08a16b654e5f64
SHA256

9602494ea416005d1e728b66c9c20ce273f2810c4d92b75c09b52cb5b39c0244
SHA512

e11a0b8125d888efa6ec4639c8403d49f44214fb9eb665ee019e40ed0d5e8c76d5223c30a4738a48b6cb6323eb96043e930840a63153552a5bc75965fd0d438f
SSDEEP

192:eC+YPv6UOyDqZ1KcMzqTHG+3F+j7rT9z7VYe/7Vd/5A27E0mgGnf7:eev6UbqZ1K7zX+3q7PEe/7Vd227E0lMT

Score

10^/10

loader 1776411935 icedid

Malware Config

Extracted

Family

icedid

Campaign

1776411935

C2

eliskapalu.com

Signatures

Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
202407025fbfaae172e308b46c85a3dd83600420icedid

Files

202407025fbfaae172e308b46c85a3dd83600420icedid
.exe windows:6 windows x64 arch:x64

3a0cfb574e9f4ca8db6893e099e2d5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameW
LookupAccountNameW

winhttp

WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpConnect

kernel32

WideCharToMultiByte
lstrlenW
VirtualProtect
VirtualAlloc
lstrcatA
lstrcpyA
Sleep
GetTempPathA
CreateDirectoryA
LoadLibraryA
GetProcAddress
GetComputerNameExW
ExitProcess
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
WriteFile
CloseHandle
HeapReAlloc
GetLastError
SwitchToThread
GetTickCount64

shell32

SHGetFolderPathA

msvcrt

memset

user32

wsprintfW

Sections

.c
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

3a0cfb574e9f4ca8db6893e099e2d5bb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

winhttp

kernel32

shell32

msvcrt

user32

Sections

.c Size: 7KB - Virtual size: 7KB

.text Size: 512B - Virtual size: 6B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 396B

.r Size: 512B - Virtual size: 416B

.d Size: 512B - Virtual size: 128B

.c
Size: 7KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 6B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 396B

.r
Size: 512B - Virtual size: 416B

.d
Size: 512B - Virtual size: 128B