Analysis
max time kernel: 148s
max time network: 149s
platform: windows10_x64
resource: win10v20201028
submitted: 17-11-2020 14:49
Static task: static1
Behavioral task: behavioral1
Sample: cf8383406cce0a15cbefab2e418898e3.exe
Resource: win7v20201028
0 signatures
0 seconds
General
Target: cf8383406cce0a15cbefab2e418898e3.exe
Size: 705KB
MD5: 881fa18418a27bc56475965d71d59985
SHA1: 793fc318a31e18499e4b3824e1725b000983d327
SHA256: fbb306044c121ab62e197b982b69f0d078a37c48241b91b21223aa6ee78837bf
SHA512: f4eea5a37c60846e8d1e4c2b4b6b5186c9842af5b9e527981b66a1faaad82ea75de81621ec35d8631e3ba9eca5a7f3284cb3ae701d95f203f3503c30714a7c8b
Malware Config
Extracted
Family: icedid
C2:
kostacardsplayer.pro
kostafootball.info
countrylandlords.info
landiscloudlord.red
Signatures
IcedID Second Stage Loader 1 IoCs
Processes:
resource: behavioral2/memory/3988-0-0x0000000000600000-0x0000000000605000-memory.dmp
yara_rule: IcedidSecondLoader
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
cf8383406cce0a15cbefab2e418898e3.exe
pid: 3988, process: cf8383406cce0a15cbefab2e418898e3.exe
Downloads
memory/3988-0-0x0000000000600000-0x0000000000605000-memory.dmp
Filesize: 20KB