icedid | 0ed6e961a7bcebf37764de044209710dc23a004a9e2e51fe8e778df87e64819b | Triage

Analysis

max time kernel
135s
max time network
154s
platform
windows7_x64
resource
win7-20220414-en
submitted
19-04-2022 18:02

Sharing

Report Analysis Logs

General

Target

b73f8697.exe
Size

36KB
MD5

3e849d9099875258dd84050b9ea2623c
SHA1

f9911bbd98816cb29d03780e4f749cbd876b2f7e
SHA256

0ed6e961a7bcebf37764de044209710dc23a004a9e2e51fe8e778df87e64819b
SHA512

56c58462607b47926024b68fc9932326565113c5bd491bfec3f0a426cd70d6307a3abd97646220d870591c61d17982bd7c56e351166469dd90ca0b0931876ec2

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

dekeoipsi.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1784-55-0x00000000002D0000-0x00000000002D6000-memory.dmp	IcedidFirstLoader
behavioral1/memory/1784-58-0x00000000002C0000-0x00000000002C3000-memory.dmp	IcedidFirstLoader

C:\Users\Admin\AppData\Local\Temp\b73f8697.exe
"C:\Users\Admin\AppData\Local\Temp\b73f8697.exe"
1⤵
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-54-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download
memory/1784-55-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/1784-58-0x00000000002C0000-0x00000000002C3000-memory.dmp

Filesize
12KB

Download