icedid | 01df78b3dd07c7cafad3cad4cc52054216b6fed239476976e768ddad3d4251f5 | Triage

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
02-05-2022 11:35

Sharing

Report Analysis Logs

General

Target

01df78b3dd07c7cafad3cad4cc52054216b6fed239476976e768ddad3d4251f5.exe
Size

234KB
MD5

cc81ca7b0c7583be5d00b34d8997a158
SHA1

634e2805b487fedfcac06260e7d625f2d8039f30
SHA256

01df78b3dd07c7cafad3cad4cc52054216b6fed239476976e768ddad3d4251f5
SHA512

197bc70575e01eb704e1151ce6ac5171290b84c9000f050b604da7e07f2d578e734b03995b00db2834a67ec399cdacbf305e9364272ae59a8e0125b6864ccb43

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

june85.cyou

golddisco.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4920-130-0x0000000001000000-0x000000000113A000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4920-131-0x0000000001000000-0x0000000001006000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\01df78b3dd07c7cafad3cad4cc52054216b6fed239476976e768ddad3d4251f5.exe
"C:\Users\Admin\AppData\Local\Temp\01df78b3dd07c7cafad3cad4cc52054216b6fed239476976e768ddad3d4251f5.exe"
1⤵
PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4920-130-0x0000000001000000-0x000000000113A000-memory.dmp

Filesize
1.2MB

Download
memory/4920-131-0x0000000001000000-0x0000000001006000-memory.dmp

Filesize
24KB

Download