Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    30-04-2022 15:14

General

  • Target

    iced_refactor.exe

  • Size

    142KB

  • MD5

    19dbc26b28ce2273525b58e51d4dcca8

  • SHA1

    46a47cc9f47141b97ff16c2344d1c4f65daa3f4f

  • SHA256

    eb6520c9bb2387de33c47ba017648f03140359c5d143cee68daf24654d9b5b76

  • SHA512

    39303e94c161388e650e4aa1d794c8bf4e95d2e5cbb1e33530903ac569ff84af2e1d5963762f82a2bf9922b91212a769d13cfa1b3e103eb716af249b6700add5

Malware Config

Extracted

Family

icedid

C2

boldidiotruss.xyz

nizaoplov.xyz

153ishak.best

ilu21plane.xyz

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\iced_refactor.exe
    "C:\Users\Admin\AppData\Local\Temp\iced_refactor.exe"
    PID: 3116


Downloads

  • memory/3116-130-0x0000000000200000-0x0000000000205000-memory.dmp

    Filesize

    20KB

  • memory/3116-131-0x0000000000200000-0x000000000023F000-memory.dmp

    Filesize

    252KB