Analysis
  max time kernel: 167s
  max time network: 180s
  platform: windows10-2004_x64
  resource: win10v2004-20220414-en
  submitted: 17-04-2022 14:47

Static task: static1

Behavioral task: behavioral1
  Sample: 0131026051228584a83997be64c30e7c9cd90c1657d9fffb11d427f577f4a134.exe
  Resource: win7-20220414-en
  Platform: windows7_x64
  0 signatures
  0 seconds
General
  Target: 0131026051228584a83997be64c30e7c9cd90c1657d9fffb11d427f577f4a134.exe
  Size: 84KB
  MD5: e518b053633f83917af43c3c6f81c141
  SHA1: 4c85a76114f2886f2c873c212f88320e4715ba93
  SHA256: 0131026051228584a83997be64c30e7c9cd90c1657d9fffb11d427f577f4a134
  SHA512: dbc2b62f2f2e8ca09b042e21516810cf0f34ef722a651b9661bef3ac5497cad8b87c5eff90a16190e3b44848100ecf0d14edc872afb38efdd27db0d7626da836
Malware Config (Extracted)
  Family: icedid
  C2:
    vergilliostar.top
    mentokiller.top
    ekxortsisto.best
    netutto.best
Signatures

IcedID Second Stage Loader (2 IoCs)
  Processes:
    resource                                                                          yara_rule
    behavioral2/memory/4136-130-0x00000000023A0000-0x00000000023A6000-memory.dmp      IcedidSecondLoader
    behavioral2/memory/4136-134-0x0000000002380000-0x0000000002383000-memory.dmp      IcedidSecondLoader

Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
    pid    process
    4136   0131026051228584a83997be64c30e7c9cd90c1657d9fffb11d427f577f4a134.exe
    4136   0131026051228584a83997be64c30e7c9cd90c1657d9fffb11d427f577f4a134.exe