icedid | 2dfa0acc748454adf95566c84bc910b16a9db28a04d5eaec3c3edc56b82b798d | Triage

Analysis

max time kernel
151s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
02-05-2022 11:35

Sharing

Report Analysis Logs

General

Target

2dfa0acc748454adf95566c84bc910b16a9db28a04d5eaec3c3edc56b82b798d.exe
Size

221KB
MD5

97a1b1a36a7fd5f96d3e715f732521c4
SHA1

13d352a3da173e84c9c57beab2e07ff9aae0a81a
SHA256

2dfa0acc748454adf95566c84bc910b16a9db28a04d5eaec3c3edc56b82b798d
SHA512

b7980e88e1e362f097e15d43c0543522961d84d34488ed7f331d68ba31a84ad26a027ff674e7ecfa0e9e9c6a3410c8485705a0e7936a7f6a3aaf6b06306c70e2

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

justiceminister.best

fivejudgescatholic.cyou

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2836-130-0x0000000001000000-0x000000000112E000-memory.dmp	IcedidSecondLoader
behavioral2/memory/2836-131-0x0000000001000000-0x0000000001006000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\2dfa0acc748454adf95566c84bc910b16a9db28a04d5eaec3c3edc56b82b798d.exe
"C:\Users\Admin\AppData\Local\Temp\2dfa0acc748454adf95566c84bc910b16a9db28a04d5eaec3c3edc56b82b798d.exe"
1⤵
PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2836-130-0x0000000001000000-0x000000000112E000-memory.dmp

Filesize
1.2MB

Download
memory/2836-131-0x0000000001000000-0x0000000001006000-memory.dmp

Filesize
24KB

Download