icedid | e70c965ae03c89538c94cc65ada5194c0b129a67e4c5f0eca728965ff4f831ae | Triage

Analysis

max time kernel
315s
max time network
1593s
platform
windows10_x64
resource
win10-20220310-ja
submitted
11-04-2022 07:21

Sharing

Report Analysis Logs

General

Target

d2ef5.exe
Size

2.1MB
MD5

ffb7508a9fa7ea9c3adbaa1ee14e1cab
SHA1

4c717031f4d273a5505add19ba948740ae529450
SHA256

e70c965ae03c89538c94cc65ada5194c0b129a67e4c5f0eca728965ff4f831ae
SHA512

96b6dff6102ab36c2f19b4d7d18aff64c03c59814ee7fd9166d98a3255c108cedfb3b29788929f5b90b6083d61f535c1009874d66bf3eb64672a2e1a5bb47b62

Score

10^/10

icedid 816407799 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

816407799

C2

ertimadifa.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3936-118-0x0000000140000000-0x000000014000B000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

d2ef5.exe

pid process

3936 d2ef5.exe
3936 d2ef5.exe

C:\Users\Admin\AppData\Local\Temp\d2ef5.exe
"C:\Users\Admin\AppData\Local\Temp\d2ef5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3936-118-0x0000000140000000-0x000000014000B000-memory.dmp

Filesize
44KB

Download