icedid | 600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows10_x64
resource
win10-en-20211208
submitted
10-12-2021 02:49

Sharing

Report Analysis Logs

General

Target

600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647.exe
Size

455KB
MD5

15909876d5b6303d1d13a2553a57a789
SHA1

6f23da32a732804f3cdc31d44a459dab27ebdfa9
SHA256

600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647
SHA512

37b0aa06453582859b882c598e5c637ce988ee9e91f90941dbcef1cedec1328e313d4a935c6dfa5fd21e568f69119412a25ba6f801508dbf70cefae86d4d81c3

Score

10^/10

icedid 117589798 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

117589798

C2

panyinth.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647.exe

pid	process
2292	600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647.exe
2292	600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647.exe

pid process

2292 600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647.exe

C:\Users\Admin\AppData\Local\Temp\600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647.exe
"C:\Users\Admin\AppData\Local\Temp\600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2292-115-0x0000021A352C0000-0x0000021A352C9000-memory.dmp

Filesize
36KB

Download