icedid | 4f39a6eb76ad32e6265638b299df3f001292f14208d4b7dadc583577bfdd73ce | Triage

Analysis

max time kernel
200s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
17-04-2022 09:07

Sharing

Report Analysis Logs

General

Target

4f39a6eb76ad32e6265638b299df3f001292f14208d4b7dadc583577bfdd73ce.exe
Size

278KB
MD5

f256b883245baeb7fe91cfa0563a0d57
SHA1

e0b7d74982a2657303241d0b5497cc82bb6c1b77
SHA256

4f39a6eb76ad32e6265638b299df3f001292f14208d4b7dadc583577bfdd73ce
SHA512

bad2b3304cfa0be810abbb4d0e82da377e50a8f7f58d3ec997a9d2b6b703400e9d03fff3d78eabbbbe3118b2f9f6f931f8db8651bfd2ca4feb39ed21cc69bb78

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

supportayzer.shop

bookoffathes.pw

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4692-130-0x00000000000A0000-0x00000000000A6000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4692-131-0x00000000000A0000-0x00000000001EA000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\4f39a6eb76ad32e6265638b299df3f001292f14208d4b7dadc583577bfdd73ce.exe
"C:\Users\Admin\AppData\Local\Temp\4f39a6eb76ad32e6265638b299df3f001292f14208d4b7dadc583577bfdd73ce.exe"
1⤵
PID:4692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4692-130-0x00000000000A0000-0x00000000000A6000-memory.dmp

Filesize
24KB

Download
memory/4692-131-0x00000000000A0000-0x00000000001EA000-memory.dmp

Filesize
1.3MB

Download