icedid | 095cc3f8cd585ab09c1de61229149e469fe09630c0aca84abc54ba7ddeff77fb | Triage

Analysis

max time kernel
148s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220331-en
submitted
27-03-2022 02:16

Sharing

Report Analysis Logs

General

Target

095cc3f8cd585ab09c1de61229149e469fe09630c0aca84abc54ba7ddeff77fb.exe
Size

341KB
MD5

84415c4b8574f0b9327c10dbdafe9988
SHA1

4340d44df7828ec83030fc6e340eae59678f127a
SHA256

095cc3f8cd585ab09c1de61229149e469fe09630c0aca84abc54ba7ddeff77fb
SHA512

ee7f71af2b9073904776afd92ba83aeb8731a01e31ad826c954e595591a052597df37f65f52f95ccd02d90f2d7c50db8b23ca23287aa24fd109c773c3738cbb9

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

aborigencredit.xyz

ideology8cum.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4880-124-0x0000000000400000-0x0000000000477000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4880-125-0x0000000000400000-0x0000000000406000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\095cc3f8cd585ab09c1de61229149e469fe09630c0aca84abc54ba7ddeff77fb.exe
"C:\Users\Admin\AppData\Local\Temp\095cc3f8cd585ab09c1de61229149e469fe09630c0aca84abc54ba7ddeff77fb.exe"
1⤵
PID:4880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4880-124-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4880-125-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download