icedid | fcbb11a2263be2ef8cdaaf085c606208dc93f61a0ca3da10f320eeffbba4b3a4 | Triage

Analysis

max time kernel
146s
max time network
145s
platform
windows10_x64
resource
win10v20201028
submitted
09-11-2020 21:51

Sharing

Report Analysis Logs

General

Target

fcbb11a2263be2ef8cdaaf085c606208dc93f61a0ca3da10f320eeffbba4b3a4.exe
Size

778KB
MD5

0ca3d542a7cb6f3bcdb3f9d2b6afd92e
SHA1

a249768a1d905f9bc29cd8b5be74b8b29e65cbb3
SHA256

fcbb11a2263be2ef8cdaaf085c606208dc93f61a0ca3da10f320eeffbba4b3a4
SHA512

7ae3a7c5adc6ebaa337e7ddb0a452396654cd0ace2659b365f532b2a6d50652ca94e2ec17f1ae7af6c3e14ba2a727ad94f08ba6dda50fda58b56b3686360a2ae

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3944-0-0x0000000000620000-0x0000000000625000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

fcbb11a2263be2ef8cdaaf085c606208dc93f61a0ca3da10f320eeffbba4b3a4.exe

pid process

3944 fcbb11a2263be2ef8cdaaf085c606208dc93f61a0ca3da10f320eeffbba4b3a4.exe

C:\Users\Admin\AppData\Local\Temp\fcbb11a2263be2ef8cdaaf085c606208dc93f61a0ca3da10f320eeffbba4b3a4.exe
"C:\Users\Admin\AppData\Local\Temp\fcbb11a2263be2ef8cdaaf085c606208dc93f61a0ca3da10f320eeffbba4b3a4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3944-0-0x0000000000620000-0x0000000000625000-memory.dmp

Filesize
20KB

Download