icedid | 195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75 | Triage

Analysis

max time kernel
4294214s
max time network
138s
platform
windows7_x64
resource
win7-20220311-en
submitted
19-03-2022 09:24

Sharing

Report Analysis Logs

General

Target

195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75.exe
Size

420KB
MD5

a7cc4403b1de7aff26f1e137ac45f09e
SHA1

7a996b65f6a1667f4c5ea3e4a75c8a7ca0d1587f
SHA256

195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75
SHA512

e187c78d3c794111b3e6d84a7c75c7d2eab45a26ec809147f707aff0e95691227ea4430296179204e4693dfe37954b822ed0d08dbd59cfc6da90ad5d08bb7c1a

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

aborigencredit.xyz

ideology8cum.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1880-55-0x00000000011C0000-0x00000000011C6000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1880-56-0x00000000011C0000-0x000000000130B000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75.exe
"C:\Users\Admin\AppData\Local\Temp\195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75.exe"
1⤵
PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1880-54-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

Filesize
8KB

Download
memory/1880-55-0x00000000011C0000-0x00000000011C6000-memory.dmp

Filesize
24KB

Download
memory/1880-56-0x00000000011C0000-0x000000000130B000-memory.dmp

Filesize
1.3MB

Download
memory/1880-57-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download