icedid | ed9920f7ad0f780fc7a9496406e2c5dbca6d5d59c5fae9be7b88486f693169d2 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7v20201028
submitted
04-03-2021 11:56

Sharing

Report Analysis Logs

General

Target

ed9920f7ad0f780fc7a9496406e2c5dbca6d5d59c5fae9be7b88486f693169d2.exe_.exe
Size

325KB
MD5

0b9a70e941aa0d952623ae55c3f90ab3
SHA1

edbf7c46c373b496f6c6f849622d7e5fe30c10dc
SHA256

ed9920f7ad0f780fc7a9496406e2c5dbca6d5d59c5fae9be7b88486f693169d2
SHA512

6266d113b603311cf2b0cad35f6633c0cfb1b644630848ff2cc36e55a6f8133f3acc1a5ca82decffff1d0d74e3062f8ab27979037ba12e043af80058000642be

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

layerfatfek.club

tenpounds.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/776-3-0x0000000001000000-0x0000000001006000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\ed9920f7ad0f780fc7a9496406e2c5dbca6d5d59c5fae9be7b88486f693169d2.exe_.exe
"C:\Users\Admin\AppData\Local\Temp\ed9920f7ad0f780fc7a9496406e2c5dbca6d5d59c5fae9be7b88486f693169d2.exe_.exe"
1⤵
PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-2-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/776-3-0x0000000001000000-0x0000000001006000-memory.dmp

Filesize
24KB

Download
memory/776-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download