pandastealer | 2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid
Size

2.0MB
MD5

23759b4674c9e9ae889a976dec77b79a
SHA1

1cd87cb5875986e9f037c6d349e485cce2cac091
SHA256

bd01d037e56a5408610de59d9e99cfea8cf10ba524d1159385e7dcdc2c2a9b29
SHA512

3c8417c9a15220ac2aa3a27be1a5c234968a21f1db85c0057d1f1190093e73ee17406ecc9b08c3ee1de1f8b01a4d0b36d8e01ad9d681a2b2c526b75ed5191b92
SSDEEP

49152:dnCm+d9N62qGFY57j+eZphTzd4xWPwqiqD:872dhj+e3

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid

Files

2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid
.exe windows:4 windows x86 arch:x86

23d66467849a56c9bbd9ecc4afd2cbde

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
SetStdHandle
GetFileType
HeapSize
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetErrorMode
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
FindResourceExA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
FreeResource
VirtualProtect
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
Sleep
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
GetModuleFileNameA
GetVersion
GetCurrentProcess
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
CreateThread
GetTempPathA
CreateProcessA
WaitForSingleObject
TerminateThread
CopyFileA
GetFileSize
GetFileAttributesA
ReadFile
FreeLibrary
lstrcpyA
lstrcatA
GetLocalTime
FindFirstFileA
FindClose
FileTimeToSystemTime
DeleteFileA
CreateFileA
SystemTimeToFileTime
SetFileTime
SetFilePointer
SetEndOfFile
WriteFile
FlushFileBuffers
CloseHandle
lstrcmpiA
SetFileAttributesA
MoveFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrlenA
SetLastError
lstrcpynA
CreateDirectoryA
GetLastError
GetProcessHeap
HeapAlloc
UnhandledExceptionFilter
HeapFree

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckDlgButton
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
CopyRect
PtInRect
GetWindow
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
MapDialogRect
SetWindowPos
ShowWindow
GetCapture
GetActiveWindow
SetActiveWindow
GetAsyncKeyState
GetFocus
SetFocus
GetWindowRect
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetMenuState
GetPropA
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnregisterClassA
GetSystemMetrics
LoadIconA
GetClientRect
IsIconic
MessageBoxA
ExitWindowsEx
EnableWindow
GetParent
PostMessageA
CharUpperA
SendMessageA
wsprintfA
IsWindow
SendDlgItemMessageA

gdi32

EnumFontFamiliesExA
DeleteObject
PtVisible
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
RectVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey
RegCreateKeyExA

comctl32

PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ord17
ImageList_Destroy

shlwapi

PathSkipRootA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecA
PathFileExistsA

oleaut32

VariantClear
VariantChangeType
VariantInit

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

HttpQueryInfoA
InternetReadFile
InternetCrackUrlA
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetOptionA

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.temp
Size: 8KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

23d66467849a56c9bbd9ecc4afd2cbde

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

version

wininet

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.temp Size: 8KB - Virtual size: 64KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.temp
Size: 8KB - Virtual size: 64KB