icedid | 195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75 | Triage

Analysis

max time kernel
153s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
19-03-2022 09:24

Sharing

Report Analysis Logs

General

Target

195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75.exe
Size

420KB
MD5

a7cc4403b1de7aff26f1e137ac45f09e
SHA1

7a996b65f6a1667f4c5ea3e4a75c8a7ca0d1587f
SHA256

195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75
SHA512

e187c78d3c794111b3e6d84a7c75c7d2eab45a26ec809147f707aff0e95691227ea4430296179204e4693dfe37954b822ed0d08dbd59cfc6da90ad5d08bb7c1a

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

aborigencredit.xyz

ideology8cum.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4640-134-0x00000000006F0000-0x000000000083B000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4640-136-0x00000000006F0000-0x00000000006F6000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75.exe
"C:\Users\Admin\AppData\Local\Temp\195db0588ad011d7b3adf724473e656826ac04cc387c4dedfd5d68150d761a75.exe"
1⤵
PID:4640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4640-134-0x00000000006F0000-0x000000000083B000-memory.dmp

Filesize
1.3MB

Download
memory/4640-135-0x0000000000E90000-0x0000000000E91000-memory.dmp

Filesize
4KB

Download
memory/4640-136-0x00000000006F0000-0x00000000006F6000-memory.dmp

Filesize
24KB

Download