icedid | fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2 | Triage

Analysis

max time kernel
146s
max time network
145s
platform
windows7_x64
resource
win7v20210410
submitted
11-05-2021 11:24

Sharing

Report Analysis Logs

General

Target

fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe
Size

168KB
MD5

a4eb246e65737a9d483625a6acab03c7
SHA1

5054783070a6cbe6d8b6414be1e89ecf8b1c4318
SHA256

fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2
SHA512

9791671ed46aac7926277110b179c0e8616380ef40542e2fd82061c454d858cc2f4d873809e8b7c8047fe1a033c0001e18823eaf4d7b7de8fa5607b3960885e9

Score

10^/10

icedid banker loader trojan

Malware Config

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1888-61-0x0000000000260000-0x0000000000266000-memory.dmp	IcedidFirstLoader
behavioral1/memory/1888-64-0x0000000000250000-0x0000000000253000-memory.dmp	IcedidFirstLoader

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe

pid	process
1888	fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe
1888	fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe

C:\Users\Admin\AppData\Local\Temp\fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe
"C:\Users\Admin\AppData\Local\Temp\fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1888-60-0x0000000075161000-0x0000000075163000-memory.dmp

Filesize
8KB

Download
memory/1888-61-0x0000000000260000-0x0000000000266000-memory.dmp

Filesize
24KB

Download
memory/1888-64-0x0000000000250000-0x0000000000253000-memory.dmp

Filesize
12KB

Download