icedid | 004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f | Triage

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
25-02-2022 07:02

Sharing

Report Analysis Logs

General

Target

004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f.exe
Size

718KB
MD5

985ccc5e454e09ecabb8ff1f84f03e74
SHA1

2a9a1f9462a69beae64e951ed600d33e00741ad3
SHA256

004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f
SHA512

f8d3e0534618612644800f1c3ca120295a8f40e2295986272e11eb10cb323534595f9798c8750cd5e416e070430d7e2c4c388208cb6056c04c822274cfbd8e29

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4184-134-0x00000000005F0000-0x00000000005F2000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4184-135-0x0000000000620000-0x0000000000625000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f.exe

pid process

4184 004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f.exe

C:\Users\Admin\AppData\Local\Temp\004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f.exe
"C:\Users\Admin\AppData\Local\Temp\004721033b1e95ce94fe8c3b9a2898c3b7e82d2b2d6060a1b6e5ea09aeb4535f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4184-133-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/4184-134-0x00000000005F0000-0x00000000005F2000-memory.dmp

Filesize
8KB

Download
memory/4184-135-0x0000000000620000-0x0000000000625000-memory.dmp

Filesize
20KB

Download