Overview

overview

10

Static

static

004721033b...5f.exe

windows7_x64

10

004721033b...5f.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    147s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    25-02-2022 07:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f.exe

  • Size

    718KB

  • MD5

    985ccc5e454e09ecabb8ff1f84f03e74

  • SHA1

    2a9a1f9462a69beae64e951ed600d33e00741ad3

  • SHA256

    004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f

  • SHA512

    f8d3e0534618612644800f1c3ca120295a8f40e2295986272e11eb10cb323534595f9798c8750cd5e416e070430d7e2c4c388208cb6056c04c822274cfbd8e29

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f.exe
    "C:\Users\Admin\AppData\Local\Temp\004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1648-54-0x0000000075021000-0x0000000075023000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1648-55-0x0000000000250000-0x0000000000255000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1648-59-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1648-58-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download