icedid | b1e473787e82c494ef932d2944554f5343290517c763fda92f70680ad565a148 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-05-2022 14:55

Sharing

Report Analysis Logs

General

Target

b1e473787e82c494ef932d2944554f5343290517c763fda92f70680ad565a148.exe
Size

301KB
MD5

8525a9c8d2713d68dd55fbeaebc09a0d
SHA1

623df8a88a48ac8c902317deb7987c474a00a22d
SHA256

b1e473787e82c494ef932d2944554f5343290517c763fda92f70680ad565a148
SHA512

a785d81514d6bf8a8b0100b459804fd3e39b1edf263d0bd519fc5c37206005c3b5dd6ff9e7ab043c500f62427faca3cfcea0f29ea754e2126895c110a19d4a8f

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

lookatnice.top

littyfahren.club

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1692-55-0x0000000001000000-0x0000000001006000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1692-56-0x0000000001000000-0x0000000001143000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\b1e473787e82c494ef932d2944554f5343290517c763fda92f70680ad565a148.exe
"C:\Users\Admin\AppData\Local\Temp\b1e473787e82c494ef932d2944554f5343290517c763fda92f70680ad565a148.exe"
1⤵
PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1692-54-0x0000000075951000-0x0000000075953000-memory.dmp

Filesize
8KB

Download
memory/1692-55-0x0000000001000000-0x0000000001006000-memory.dmp

Filesize
24KB

Download
memory/1692-56-0x0000000001000000-0x0000000001143000-memory.dmp

Filesize
1.3MB

Download