Analysis

  • max time kernel: 150s
  • max time network: 153s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 14-11-2020 18:13

General

  • Target: 47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3.exe
  • Size: 715KB
  • MD5: ca8b82468e8e170fb1812705d2c75a50
  • SHA1: efab763b8039eb2f722e93fbe04abb4a97ea9f03
  • SHA256: 47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3
  • SHA512: d59bc4b6a0611de95928c8ab1c403d475f6bbf4bf0e63d462a9ff670d85f51d7f0188479416c28245af51fcb1d4380abb8654fc26c30918e49c220d5dbf74af5

Malware Config

Extracted

Family: icedid

C2:
  • kostacardsplayer.pro
  • kostafootball.info
  • countrylandlords.info
  • landiscloudlord.red

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\47981dd7e8b2b7049e4ad99cff159b971a0702fde3ace2ab12d8613e975b67d3.exe"
    PID: 424
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix

Downloads

  • memory/424-0-0x0000000002360000-0x0000000002365000-memory.dmp
    Filesize: 20KB