icedid | b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d | Triage

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-en-20211208
submitted
26-02-2022 06:54

Sharing

Report Analysis Logs

General

Target

b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d.exe
Size

220KB
MD5

6db580482092ffb0e0a009c1ad202649
SHA1

3f037c00c291bd9ee181baafee0a5f2e182d466d
SHA256

b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d
SHA512

e811b3d223915f88cd4de62e595aeaa44582b0fa03aa48ee488213db7b23d15a683a02d020048f3d112267e8c96d85684ca60063f0cef4f2cc494359e2e58941

Score

10^/10

icedid banker loader trojan

Malware Config

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1180-56-0x0000000000280000-0x0000000000286000-memory.dmp	IcedidFirstLoader
behavioral1/memory/1180-59-0x0000000000270000-0x0000000000273000-memory.dmp	IcedidFirstLoader

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d.exe

pid	process
1180	b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d.exe
1180	b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d.exe

C:\Users\Admin\AppData\Local\Temp\b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d.exe
"C:\Users\Admin\AppData\Local\Temp\b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1180-55-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download
memory/1180-56-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/1180-59-0x0000000000270000-0x0000000000273000-memory.dmp

Filesize
12KB

Download