icedid | e2d65124ddaa1480a1574464352f26d1324bb2171bde499fbb4a6b89c4cfae2d | Triage

Analysis

max time kernel
147s
max time network
148s
platform
windows10_x64
resource
win10v20201028
submitted
13-11-2020 15:59

Sharing

Report Analysis Logs

General

Target

e2d65124ddaa1480a1574464352f26d1324bb2171bde499fbb4a6b89c4cfae2d.exe
Size

745KB
MD5

819493760a772c14fc7cd3c5797dc513
SHA1

d6e545e9d88441b2f1d47db257a0826db8fabfd5
SHA256

e2d65124ddaa1480a1574464352f26d1324bb2171bde499fbb4a6b89c4cfae2d
SHA512

5a1ea2617d24eac828b107f3711d3ce8239e11388da64126c75ac252c07ede2ec6fe32b27428c314cb4dc344d6fc73079221e03321cb883d8f6e359c761effb0

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4800-0-0x00000000005E0000-0x00000000005E5000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

e2d65124ddaa1480a1574464352f26d1324bb2171bde499fbb4a6b89c4cfae2d.exe

pid process

4800 e2d65124ddaa1480a1574464352f26d1324bb2171bde499fbb4a6b89c4cfae2d.exe

C:\Users\Admin\AppData\Local\Temp\e2d65124ddaa1480a1574464352f26d1324bb2171bde499fbb4a6b89c4cfae2d.exe
"C:\Users\Admin\AppData\Local\Temp\e2d65124ddaa1480a1574464352f26d1324bb2171bde499fbb4a6b89c4cfae2d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4800-0-0x00000000005E0000-0x00000000005E5000-memory.dmp

Filesize
20KB

Download