icedid | 729a43fa76a2b217374ba97a0615e3af64e68e1840d2c06702bd429d75fb738e | Triage

Analysis

max time kernel
186s
max time network
192s
platform
windows7_x64
resource
win7-20220414-en
submitted
02-05-2022 11:35

Sharing

Report Analysis Logs

General

Target

729a43fa76a2b217374ba97a0615e3af64e68e1840d2c06702bd429d75fb738e.exe
Size

258KB
MD5

e90dabf0d141d8e29dd00dc0908b5891
SHA1

e66fc76ada8050dcd5d6ba5f9020a0945e698886
SHA256

729a43fa76a2b217374ba97a0615e3af64e68e1840d2c06702bd429d75fb738e
SHA512

80ad20e2dc3c406ad0b672440f504ba0bccd9c67fed20b1a6079a742e70135801d8b7e2efc25401f6a476c4618cdb49d69b0dd943da3a8935e92fdde2ffd203b

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

minishtab.cyou

xoxofuck.cyou

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1936-55-0x0000000001000000-0x0000000001141000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1936-56-0x0000000001000000-0x0000000001006000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\729a43fa76a2b217374ba97a0615e3af64e68e1840d2c06702bd429d75fb738e.exe
"C:\Users\Admin\AppData\Local\Temp\729a43fa76a2b217374ba97a0615e3af64e68e1840d2c06702bd429d75fb738e.exe"
1⤵
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-54-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download
memory/1936-55-0x0000000001000000-0x0000000001141000-memory.dmp

Filesize
1.3MB

Download
memory/1936-56-0x0000000001000000-0x0000000001006000-memory.dmp

Filesize
24KB

Download