Analysis
max time kernel: 159s
max time network: 167s
platform: windows10-2004_x64
resource: win10v2004-20220310-en
submitted: 14-04-2022 14:30

Static task: static1
Behavioral task: behavioral1
Sample: eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8.exe
Resource: win7-20220311-en (windows7_x64)
0 signatures, 0 seconds
General
Target: eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8.exe
Size: 220KB
MD5: b338366a45738ac9256ea046a67ec1d1
SHA1: a100f87c0818f9a2b9f1ad4e1e2d424b029f6a8a
SHA256: eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8
SHA512: 325e0e5297384e09e0c7d0d921383af6824dbf31cf2de47d6cb898d5355e2406c07bd7965d76f01b9a9e126cb2730419d31038201305d3aab5f790665c9cee10
Malware Config
Extracted
Family: icedid
C2:
firstcovo.pw
kilohardtostop.pw
dalobecu.xyz
googmusi.cyou
Signatures

IcedID Second Stage Loader (3 IoCs)
Processes:
resource  yara_rule
behavioral2/memory/1288-134-0x0000000002290000-0x0000000002298000-memory.dmp  IcedidSecondLoader
behavioral2/memory/1288-138-0x0000000002280000-0x0000000002285000-memory.dmp  IcedidSecondLoader
behavioral2/memory/1288-139-0x00000000022A0000-0x00000000022A6000-memory.dmp  IcedidSecondLoader

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8.exe
pid  process
1288  eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8.exe
1288  eb58a35e3b3ca4fcd7d075bb5d103548e90b16cb2211a3f81a5a7086932574d8.exe