Overview

overview

10

Static

static

eb58a35e3b...d8.exe

windows7_x64

10

eb58a35e3b...d8.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294212s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    14-04-2022 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8.exe

  • Size

    220KB

  • MD5

    b338366a45738ac9256ea046a67ec1d1

  • SHA1

    a100f87c0818f9a2b9f1ad4e1e2d424b029f6a8a

  • SHA256

    eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8

  • SHA512

    325e0e5297384e09e0c7d0d921383af6824dbf31cf2de47d6cb898d5355e2406c07bd7965d76f01b9a9e126cb2730419d31038201305d3aab5f790665c9cee10

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

firstcovo.pw

kilohardtostop.pw

dalobecu.xyz

googmusi.cyou

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 3 IoCs
    loader
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8.exe
    "C:\Users\Admin\AppData\Local\Temp\eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1616-54-0x0000000076851000-0x0000000076853000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1616-55-0x0000000000270000-0x0000000000278000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1616-57-0x0000000000260000-0x0000000000265000-memory.dmp
    Filesize

    20KB

    Download
  • memory/1616-60-0x0000000000280000-0x0000000000286000-memory.dmp
    Filesize

    24KB

    Download