icedid | b4d617f2fe21e3ea73be45890adc8fea02f10c945b7359d4cae5ee719007089a | Triage

Analysis

max time kernel
129s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
26-03-2022 20:24

Sharing

Report Analysis Logs

General

Target

b4d617f2fe21e3ea73be45890adc8fea02f10c945b7359d4cae5ee719007089a.exe
Size

144KB
MD5

0b30dc193fbc6dc0a9184157488605e7
SHA1

2da0f2735ea414c8d2a6ea8fa3beb6a9945ad5be
SHA256

b4d617f2fe21e3ea73be45890adc8fea02f10c945b7359d4cae5ee719007089a
SHA512

db8e3243f82245ac807e8de113172a87ccc1b5f447bea162b2ff85dcbb0f293e7de4b9064e00c2a825c0439a12e387535307eeae1e7e6da6455b4aa14cb32468

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

lysterpad.top

angiliaisland.best

asterioidglowo.club

greedyfopolo.best

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3884-134-0x00000000009D0000-0x00000000009D6000-memory.dmp	IcedidSecondLoader
behavioral2/memory/3884-135-0x00000000009D0000-0x0000000000A17000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\b4d617f2fe21e3ea73be45890adc8fea02f10c945b7359d4cae5ee719007089a.exe
"C:\Users\Admin\AppData\Local\Temp\b4d617f2fe21e3ea73be45890adc8fea02f10c945b7359d4cae5ee719007089a.exe"
1⤵
PID:3884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3884-134-0x00000000009D0000-0x00000000009D6000-memory.dmp

Filesize
24KB

Download
memory/3884-135-0x00000000009D0000-0x0000000000A17000-memory.dmp

Filesize
284KB

Download