Analysis

  • max time kernel
    147s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    14-11-2020 18:13

General

  • Target

    9d469a4a0f0878719e7f2677c8e98b4befc2a2948dce529a9ea9ec427b13cbe2.exe

  • Size

    667KB

  • MD5

    59f93787ec27a6cb7db86a0d7b345c2a

  • SHA1

    0099c1410b56bc9861fce9c6df7ca06505ad0255

  • SHA256

    9d469a4a0f0878719e7f2677c8e98b4befc2a2948dce529a9ea9ec427b13cbe2

  • SHA512

    497e344b3eeca70a9aeb4eb5435ccf8634f5ac45e9e02b24e4196fa355f40e66a6681be57505ebab6c0cdc65ef242882f77fc295b7baeda231825ffba27b1ecf

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d469a4a0f0878719e7f2677c8e98b4befc2a2948dce529a9ea9ec427b13cbe2.exe
    "C:\Users\Admin\AppData\Local\Temp\9d469a4a0f0878719e7f2677c8e98b4befc2a2948dce529a9ea9ec427b13cbe2.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1876-0-0x0000000000250000-0x0000000000255000-memory.dmp

    Filesize

    20KB