icedid | 934af94521e26dc9817dfd2e8fe9c46ee6baca845ae6039ed89a01fb1d9ce104 | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20220414-en
submitted
19-04-2022 06:09

Sharing

Report Analysis Logs

General

Target

934af94521e26dc9817dfd2e8fe9c46ee6baca845ae6039ed89a01fb1d9ce104.exe
Size

336KB
MD5

a6bee201ef9e44768b442acaadc55627
SHA1

d655d46ed75b7d62747bd2cc53b5af1614c1943d
SHA256

934af94521e26dc9817dfd2e8fe9c46ee6baca845ae6039ed89a01fb1d9ce104
SHA512

f51dba5ec9e27f4b3d4b9a3372e585704ee5a80df6c20fa7301522c0f904c4fd0e607d7d3edfb8986d74540e8a31641204fb4674169d79efec89d269fe18610f

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

1911drink.best

kazluxraritet.club

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1624-55-0x0000000000040000-0x0000000000046000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1624-56-0x0000000000040000-0x00000000000B3000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\934af94521e26dc9817dfd2e8fe9c46ee6baca845ae6039ed89a01fb1d9ce104.exe
"C:\Users\Admin\AppData\Local\Temp\934af94521e26dc9817dfd2e8fe9c46ee6baca845ae6039ed89a01fb1d9ce104.exe"
1⤵
PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1624-54-0x0000000075C71000-0x0000000075C73000-memory.dmp

Filesize
8KB

Download
memory/1624-55-0x0000000000040000-0x0000000000046000-memory.dmp

Filesize
24KB

Download
memory/1624-56-0x0000000000040000-0x00000000000B3000-memory.dmp

Filesize
460KB

Download