icedid | a2eac98f26c51e5dcdf78e707098297de8564d73200341512ad71cf9a3f7bbab | Triage

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
03-05-2022 00:21

Sharing

Report Analysis Logs

General

Target

a2eac98f26c51e5dcdf78e707098297de8564d73200341512ad71cf9a3f7bbab.dll
Size

278KB
MD5

81726d9479ed369c2477144116123ae7
SHA1

014225d2e82587f4d34fe7e9adec6f0b9d9adb49
SHA256

a2eac98f26c51e5dcdf78e707098297de8564d73200341512ad71cf9a3f7bbab
SHA512

9b1b795dc53e9895f8c47a50c4aaf6e9f68c3636546735e634e6b6b758625d2d930bf571bd087a79ba4db48f9a111daf7dbabfa03aa8d7b69589da01edfd1aec

Score

10^/10

icedid 2398486359 banker loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

2398486359

C2

kravynolu.cyou

nikushotomo.cyou

Attributes

auth_var
1
url_path
/audio/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/388-131-0x00000000757B0000-0x0000000075803000-memory.dmp	IcedidSecondLoader
behavioral2/memory/388-132-0x00000000757B0000-0x00000000757B6000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1876 wrote to memory of 388	1876	rundll32.exe	rundll32.exe
PID 1876 wrote to memory of 388	1876	rundll32.exe	rundll32.exe
PID 1876 wrote to memory of 388	1876	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2eac98f26c51e5dcdf78e707098297de8564d73200341512ad71cf9a3f7bbab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2eac98f26c51e5dcdf78e707098297de8564d73200341512ad71cf9a3f7bbab.dll,#1
2⤵
PID:388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/388-130-0x0000000000000000-mapping.dmp

Download
memory/388-131-0x00000000757B0000-0x0000000075803000-memory.dmp

Filesize
332KB

Download
memory/388-132-0x00000000757B0000-0x00000000757B6000-memory.dmp

Filesize
24KB

Download