icedid | 8aed42b1e1f541c627056598d2ab96ffb0ddc90909c512743d347666dbc2122a | Triage

Analysis

max time kernel
147s
max time network
151s
platform
windows10_x64
resource
win10v20201028
submitted
13-11-2020 15:54

Sharing

Report Analysis Logs

General

Target

8aed42b1e1f541c627056598d2ab96ffb0ddc90909c512743d347666dbc2122a.exe
Size

728KB
MD5

8f1ad26698608583fed4088cf681e604
SHA1

d539566315213fbb51bffb13980e6e291a58fc8c
SHA256

8aed42b1e1f541c627056598d2ab96ffb0ddc90909c512743d347666dbc2122a
SHA512

7964575dcf9d2ae4ee20ee5bcfaf8e19529289e600a068e10c9037fc315667a04767e5919abb0e612c719f3b06c8d453adb213161fbcef60b3bfb567f4043282

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1304-0-0x0000000000510000-0x0000000000515000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

8aed42b1e1f541c627056598d2ab96ffb0ddc90909c512743d347666dbc2122a.exe

pid process

1304 8aed42b1e1f541c627056598d2ab96ffb0ddc90909c512743d347666dbc2122a.exe

C:\Users\Admin\AppData\Local\Temp\8aed42b1e1f541c627056598d2ab96ffb0ddc90909c512743d347666dbc2122a.exe
"C:\Users\Admin\AppData\Local\Temp\8aed42b1e1f541c627056598d2ab96ffb0ddc90909c512743d347666dbc2122a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-0-0x0000000000510000-0x0000000000515000-memory.dmp

Filesize
20KB

Download