icedid | 19c9b73b5ac70169a5bf6bf5b11fb0caceb3b49abb623c6442f7f9321a315e99 | Triage

Analysis

max time kernel
149s
max time network
175s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-04-2022 11:52

Sharing

Report Analysis Logs

General

Target

19c9b73b5ac70169a5bf6bf5b11fb0caceb3b49abb623c6442f7f9321a315e99.exe
Size

1.1MB
MD5

586b096d751b5001c484c017b7fb2045
SHA1

15cf0ff230532c38da01a864f6fa5f70ed3ebdce
SHA256

19c9b73b5ac70169a5bf6bf5b11fb0caceb3b49abb623c6442f7f9321a315e99
SHA512

6e650bb2dbfb4ccad2924de76216c4407f73d8c1fa48fb92be783c89c6ae157697c8250a7c52c57c0f23dda109e85a2507a358eb319c549fd4cc06d8bc640347

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

trebletta.top

sillivilkous.top

ddiesells.xyz

gioretta.best

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1700-55-0x0000000000230000-0x0000000000236000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1700-59-0x0000000000220000-0x0000000000223000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

19c9b73b5ac70169a5bf6bf5b11fb0caceb3b49abb623c6442f7f9321a315e99.exe

pid process

1700 19c9b73b5ac70169a5bf6bf5b11fb0caceb3b49abb623c6442f7f9321a315e99.exe

C:\Users\Admin\AppData\Local\Temp\19c9b73b5ac70169a5bf6bf5b11fb0caceb3b49abb623c6442f7f9321a315e99.exe
"C:\Users\Admin\AppData\Local\Temp\19c9b73b5ac70169a5bf6bf5b11fb0caceb3b49abb623c6442f7f9321a315e99.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-54-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download
memory/1700-55-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/1700-59-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download