icedid | 214a1fe5ec01b87f0021e673ca5b15c82eab2285b75fbbd6b3850d00168da487 | Triage

Analysis

max time kernel
132s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
30-03-2022 00:33

Sharing

Report Analysis Logs

General

Target

minro.exe
Size

124KB
MD5

6187867745754121e5b29c16e05e6164
SHA1

daeb28c0e2db1dd78caff0d4b9d863d1f8656e47
SHA256

617e0f57f4283ca044003326663b5614d66f97e16bccdd8bec1321fad44a7195
SHA512

88b04366e121c02bd6f74f1ff5f305a87e91eb97b00ee4dbbe84761e407e26b3af262b84f9f47fc87a7277c334106a93bd7ba75a1a40f3b82b6c0f418adb3d02

Score

10^/10

icedid 1666752692 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1666752692

C2

ritionalvalueon.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral4/memory/1708-130-0x0000000140000000-0x000000014000B000-memory.dmp	IcedidFirstLoader

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1872 1708 WerFault.exe minro.exe

C:\Users\Admin\AppData\Local\Temp\minro.exe
"C:\Users\Admin\AppData\Local\Temp\minro.exe"
1⤵
PID:1708

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1708 -s 172
2⤵
- Program crash
PID:1872

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 1708 -ip 1708
1⤵
PID:820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-130-0x0000000140000000-0x000000014000B000-memory.dmp

Filesize
44KB

Download