icedid | ed9920f7ad0f780fc7a9496406e2c5dbca6d5d59c5fae9be7b88486f693169d2 | Triage

Analysis

max time kernel
271s
max time network
273s
platform
windows10_x64
resource
win10v20201028
submitted
16-12-2020 15:41

Sharing

Report Analysis Logs

General

Target

ldr.bin.exe
Size

325KB
MD5

0b9a70e941aa0d952623ae55c3f90ab3
SHA1

edbf7c46c373b496f6c6f849622d7e5fe30c10dc
SHA256

ed9920f7ad0f780fc7a9496406e2c5dbca6d5d59c5fae9be7b88486f693169d2
SHA512

6266d113b603311cf2b0cad35f6633c0cfb1b644630848ff2cc36e55a6f8133f3acc1a5ca82decffff1d0d74e3062f8ab27979037ba12e043af80058000642be

Score

10^/10

icedid banker trojan

Malware Config

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Core Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4052-2-0x0000000003240000-0x00000000032E7000-memory.dmp	Icedid_core

C:\Users\Admin\AppData\Local\Temp\ldr.bin.exe
"C:\Users\Admin\AppData\Local\Temp\ldr.bin.exe"
1⤵
PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4052-2-0x0000000003240000-0x00000000032E7000-memory.dmp

Filesize
668KB

Download