icedid | 47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3 | Triage

Analysis

max time kernel
150s
max time network
153s
platform
windows10_x64
resource
win10v20201028
submitted
14-11-2020 18:13

Sharing

Report Analysis Logs

General

Target

47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3.exe
Size

715KB
MD5

ca8b82468e8e170fb1812705d2c75a50
SHA1

efab763b8039eb2f722e93fbe04abb4a97ea9f03
SHA256

47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3
SHA512

d59bc4b6a0611de95928c8ab1c403d475f6bbf4bf0e63d462a9ff670d85f51d7f0188479416c28245af51fcb1d4380abb8654fc26c30918e49c220d5dbf74af5

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/424-0-0x0000000002360000-0x0000000002365000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3.exe

pid process

424 47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3.exe

C:\Users\Admin\AppData\Local\Temp\47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3.exe
"C:\Users\Admin\AppData\Local\Temp\47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/424-0-0x0000000002360000-0x0000000002365000-memory.dmp

Filesize
20KB

Download