icedid | f1f260389c97aa75fffdc5c6e4674fd43d7bf21f696a94f759cb3a7f0f55f940 | Triage

Analysis

max time kernel
155s
max time network
59s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-04-2022 15:33

Sharing

Report Analysis Logs

General

Target

f1f260389c97aa75fffdc5c6e4674fd43d7bf21f696a94f759cb3a7f0f55f940.exe
Size

300KB
MD5

6c6003731a1bd0bc82d74a0d9591a50d
SHA1

0585bd664fe452fe6544ed0fa37989607d630758
SHA256

f1f260389c97aa75fffdc5c6e4674fd43d7bf21f696a94f759cb3a7f0f55f940
SHA512

543d46727905af53506242689f3c5cad6e522b3a37168702b14fcefc2ccaaa21087745e59b71af37e3a9f9d03f85747d8aebc4bbe4de6ff0521d3681e5dd60af

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

inforesuaremedown.club

tsalkshower.cyou

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1348-55-0x0000000000C90000-0x0000000000C96000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1348-56-0x0000000000C90000-0x0000000000D50000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\f1f260389c97aa75fffdc5c6e4674fd43d7bf21f696a94f759cb3a7f0f55f940.exe
"C:\Users\Admin\AppData\Local\Temp\f1f260389c97aa75fffdc5c6e4674fd43d7bf21f696a94f759cb3a7f0f55f940.exe"
1⤵
PID:1348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1348-54-0x0000000076531000-0x0000000076533000-memory.dmp

Filesize
8KB

Download
memory/1348-55-0x0000000000C90000-0x0000000000C96000-memory.dmp

Filesize
24KB

Download
memory/1348-56-0x0000000000C90000-0x0000000000D50000-memory.dmp

Filesize
768KB

Download