icedid | fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2 | Triage

Analysis

max time kernel
148s
max time network
149s
platform
windows10_x64
resource
win10v20210408
submitted
11-05-2021 11:24

Sharing

Report Analysis Logs

General

Target

fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe
Size

168KB
MD5

a4eb246e65737a9d483625a6acab03c7
SHA1

5054783070a6cbe6d8b6414be1e89ecf8b1c4318
SHA256

fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2
SHA512

9791671ed46aac7926277110b179c0e8616380ef40542e2fd82061c454d858cc2f4d873809e8b7c8047fe1a033c0001e18823eaf4d7b7de8fa5607b3960885e9

Score

10^/10

icedid banker loader trojan

Malware Config

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/856-114-0x0000000002210000-0x0000000002216000-memory.dmp	IcedidFirstLoader
behavioral2/memory/856-117-0x00000000021F0000-0x00000000021F3000-memory.dmp	IcedidFirstLoader

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe

pid	process
856	fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe
856	fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe

C:\Users\Admin\AppData\Local\Temp\fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe
"C:\Users\Admin\AppData\Local\Temp\fdd5fefb17fa360b3627b7d4bc3538cd9a35a6987ad8e6f0b0ddfff27bb56da2.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-114-0x0000000002210000-0x0000000002216000-memory.dmp

Filesize
24KB

Download
memory/856-117-0x00000000021F0000-0x00000000021F3000-memory.dmp

Filesize
12KB

Download