icedid | 2025-02-22_7df14dce0204fb972cc15d4bb64208fb_icedid | Triage

Sharing

General

Target

2025-02-22_7df14dce0204fb972cc15d4bb64208fb_icedid
Size

8KB
MD5

7df14dce0204fb972cc15d4bb64208fb
SHA1

be850ed5e78f4f0e3684018cc3c8448d6a1f79da
SHA256

e8b94729abbd6dbe4cd231a5ab60877a165aa44a0de1ca3c1092119ef1092802
SHA512

04752b0dfd91156743e7a282ea96519d9ab935006122537a4f05282225ebd97c4d8684269376501673932e72028acd7c86e07c035c5ff361f7a9d1496da769ce
SSDEEP

192:HyWz5xwfe8wzGptUh8AUxObXlvex7wQO9Ce61:H15dFh8AUml0i9C

Score

10^/10

loader icedid

Malware Config

Extracted

Family

icedid

Signatures

IcedID Second Stage Loader 1 IoCs

resource	yara_rule
sample	IcedidSecondLoader

Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-02-22_7df14dce0204fb972cc15d4bb64208fb_icedid

Files

2025-02-22_7df14dce0204fb972cc15d4bb64208fb_icedid
.exe windows:5 windows x86 arch:x86

a188f9ca081f5d553d295623012bedb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA

advapi32

GetUserNameA

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetOption
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpSetStatusCallback

kernel32

WriteFile
CreateFileA
HeapReAlloc
MultiByteToWideChar
ExitProcess
lstrcpyA
Sleep
VirtualAlloc
VirtualProtect
GetModuleFileNameA
CreateDirectoryA
lstrcatA
lstrlenA
GetFileSize
HeapAlloc
HeapFree
GetProcessHeap
ReadFile
CloseHandle

user32

wsprintfA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ