icedid | fbb306044c121ab62e197b982b69f0d078a37c48241b91b21223aa6ee78837bf | Triage

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7v20201028
submitted
17-11-2020 14:49

Sharing

Report Analysis Logs

General

Target

cf8383406cce0a15cbefab2e418898e3.exe
Size

705KB
MD5

881fa18418a27bc56475965d71d59985
SHA1

793fc318a31e18499e4b3824e1725b000983d327
SHA256

fbb306044c121ab62e197b982b69f0d078a37c48241b91b21223aa6ee78837bf
SHA512

f4eea5a37c60846e8d1e4c2b4b6b5186c9842af5b9e527981b66a1faaad82ea75de81621ec35d8631e3ba9eca5a7f3284cb3ae701d95f203f3503c30714a7c8b

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1980-0-0x00000000003D0000-0x00000000003D5000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

cf8383406cce0a15cbefab2e418898e3.exe

pid process

1980 cf8383406cce0a15cbefab2e418898e3.exe

C:\Users\Admin\AppData\Local\Temp\cf8383406cce0a15cbefab2e418898e3.exe
"C:\Users\Admin\AppData\Local\Temp\cf8383406cce0a15cbefab2e418898e3.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-0-0x00000000003D0000-0x00000000003D5000-memory.dmp

Filesize
20KB

Download