icedid | a03da506154fc38ee08248a9aae592d93261254ab27461cb5a79b5821d651264 | Triage

Analysis

max time kernel
148s
max time network
15s
platform
windows7_x64
resource
win7v20201028
submitted
13-11-2020 16:21

Sharing

Report Analysis Logs

General

Target

a03da506154fc38ee08248a9aae592d93261254ab27461cb5a79b5821d651264.exe
Size

781KB
MD5

489f6da8a3806c256fd422d1dd906d6c
SHA1

d6125e8a64216f37fe618887b088ff94008cc548
SHA256

a03da506154fc38ee08248a9aae592d93261254ab27461cb5a79b5821d651264
SHA512

45f25d99a871fc9a68a55e7ec872a011cca79b6d9d75cc1334bac24cb2184254d202261cc46fd1dcf748c775f731a6cc549310663bd5a42ab6bcf720abcc6865

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1924-0-0x00000000001E0000-0x00000000001E5000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

a03da506154fc38ee08248a9aae592d93261254ab27461cb5a79b5821d651264.exe

pid process

1924 a03da506154fc38ee08248a9aae592d93261254ab27461cb5a79b5821d651264.exe

C:\Users\Admin\AppData\Local\Temp\a03da506154fc38ee08248a9aae592d93261254ab27461cb5a79b5821d651264.exe
"C:\Users\Admin\AppData\Local\Temp\a03da506154fc38ee08248a9aae592d93261254ab27461cb5a79b5821d651264.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-0-0x00000000001E0000-0x00000000001E5000-memory.dmp

Filesize
20KB

Download