icedid | eb6520c9bb2387de33c47ba017648f03140359c5d143cee68daf24654d9b5b76 | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-04-2022 15:14

Sharing

Report Analysis Logs

General

Target

iced_refactor.exe
Size

142KB
MD5

19dbc26b28ce2273525b58e51d4dcca8
SHA1

46a47cc9f47141b97ff16c2344d1c4f65daa3f4f
SHA256

eb6520c9bb2387de33c47ba017648f03140359c5d143cee68daf24654d9b5b76
SHA512

39303e94c161388e650e4aa1d794c8bf4e95d2e5cbb1e33530903ac569ff84af2e1d5963762f82a2bf9922b91212a769d13cfa1b3e103eb716af249b6700add5

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

boldidiotruss.xyz

nizaoplov.xyz

153ishak.best

ilu21plane.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1052-55-0x0000000000A40000-0x0000000000A45000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1052-56-0x0000000000A40000-0x0000000000A7F000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\iced_refactor.exe
"C:\Users\Admin\AppData\Local\Temp\iced_refactor.exe"
1⤵
PID:1052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1052-54-0x00000000763E1000-0x00000000763E3000-memory.dmp

Filesize
8KB

Download
memory/1052-55-0x0000000000A40000-0x0000000000A45000-memory.dmp

Filesize
20KB

Download
memory/1052-56-0x0000000000A40000-0x0000000000A7F000-memory.dmp

Filesize
252KB

Download