icedid | bce008d6d0e25361fe226b4639a8eb3a34d5f6b32e2e02d9bd39bf5f9f290edc | Triage

Analysis

max time kernel
135s
max time network
150s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-05-2022 00:11

Sharing

Report Analysis Logs

General

Target

bce008d6d0e25361fe226b4639a8eb3a34d5f6b32e2e02d9bd39bf5f9f290edc.exe
Size

445KB
MD5

3122a67925ad572803e0259847d79ddb
SHA1

5a3c35f0256f95990cf9f7b0b00c176ef67c6a14
SHA256

bce008d6d0e25361fe226b4639a8eb3a34d5f6b32e2e02d9bd39bf5f9f290edc
SHA512

b77cd92d91c57c1ee3630302036db214ebb879f6a0d446a61202c97abc5669ffcc37892c9b6d0eaf90318aea4efc6cc79b00c07d4ebadd1016ff080d67f997ce

Score

10^/10

icedid 586763123 banker loader trojan

Malware Config

Extracted

Family

icedid

Botnet

586763123

C2

kylerdog.cyou

dogawaydered.top

Attributes

auth_var
3
url_path
/audio/

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1884-55-0x0000000000400000-0x0000000000406000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1884-56-0x0000000000400000-0x0000000000571000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\bce008d6d0e25361fe226b4639a8eb3a34d5f6b32e2e02d9bd39bf5f9f290edc.exe
"C:\Users\Admin\AppData\Local\Temp\bce008d6d0e25361fe226b4639a8eb3a34d5f6b32e2e02d9bd39bf5f9f290edc.exe"
1⤵
PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-54-0x00000000759E1000-0x00000000759E3000-memory.dmp

Filesize
8KB

Download
memory/1884-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1884-56-0x0000000000400000-0x0000000000571000-memory.dmp

Filesize
1.4MB

Download