icedid | 9887b7831c3ce6c97317e392aba71bfefef54d8c5860d84bc584ad4661f2f757 | Triage

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20220414-en
submitted
15-04-2022 13:27

Sharing

Report Analysis Logs

General

Target

9887b7831c3ce6c97317e392aba71bfefef54d8c5860d84bc584ad4661f2f757.exe
Size

396KB
MD5

525871dae984d1b056647e4f5cfc11fe
SHA1

d209ba0ead3450c566a02f8f72b5777ac97540a9
SHA256

9887b7831c3ce6c97317e392aba71bfefef54d8c5860d84bc584ad4661f2f757
SHA512

c4a5b6c5d073e27450553b58b95b97f23b943bc2beefc8a0d9ff9ffdb8fe1eacaeb57cc3e7b605b78e482f4b224779fde5f291c0ec12c274c229499648e3f391

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

loadfreeman.casa

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1960-55-0x0000000000250000-0x0000000000256000-memory.dmp	IcedidFirstLoader
behavioral1/memory/1960-58-0x00000000001C0000-0x00000000001C3000-memory.dmp	IcedidFirstLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

9887b7831c3ce6c97317e392aba71bfefef54d8c5860d84bc584ad4661f2f757.exe

pid process

1960 9887b7831c3ce6c97317e392aba71bfefef54d8c5860d84bc584ad4661f2f757.exe

C:\Users\Admin\AppData\Local\Temp\9887b7831c3ce6c97317e392aba71bfefef54d8c5860d84bc584ad4661f2f757.exe
"C:\Users\Admin\AppData\Local\Temp\9887b7831c3ce6c97317e392aba71bfefef54d8c5860d84bc584ad4661f2f757.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-54-0x0000000075A61000-0x0000000075A63000-memory.dmp

Filesize
8KB

Download
memory/1960-55-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/1960-58-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download