Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 11:35

General

  • Target

    4fd7ce0338386d2af9c3b7878adc006165be1a5681fbacfe68137b2fe0a3722d.exe

  • Size

    104KB

  • MD5

    5e78ec29e0b3031de4c98364efa10276

  • SHA1

    322494b0b7569336f8c51b021cc3bbc9ce50783e

  • SHA256

    4fd7ce0338386d2af9c3b7878adc006165be1a5681fbacfe68137b2fe0a3722d

  • SHA512

    8a5d76a4d9d200c730bacedde5ce30f64f918427908c80c85ad6c6c43b596d286d80232bbe658f6746c0c5622e0396327abdd8101bd0e324a22c01f43020990d

Malware Config

Extracted

Family

icedid

C2

linvorodana.cyou

kremlinvorona.pw

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fd7ce0338386d2af9c3b7878adc006165be1a5681fbacfe68137b2fe0a3722d.exe
    "C:\Users\Admin\AppData\Local\Temp\4fd7ce0338386d2af9c3b7878adc006165be1a5681fbacfe68137b2fe0a3722d.exe"
    1⤵
      PID:1884

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1884-54-0x0000000075D21000-0x0000000075D23000-memory.dmp

      Filesize

      8KB

    • memory/1884-55-0x00000000006E0000-0x00000000006E6000-memory.dmp

      Filesize

      24KB

    • memory/1884-56-0x00000000006E0000-0x00000000007EF000-memory.dmp

      Filesize

      1.1MB