icedid | a9498be6ff31d2584ea31b82819f287998a84c94bc00c8371c44788d45cdac64 | Triage

Analysis

max time kernel
175s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
03-05-2022 14:55

Sharing

Report Analysis Logs

General

Target

a9498be6ff31d2584ea31b82819f287998a84c94bc00c8371c44788d45cdac64.exe
Size

624KB
MD5

862f1786068d7619d99a616c622711d0
SHA1

adfe9c5c4d608422bd141224f425be6396504497
SHA256

a9498be6ff31d2584ea31b82819f287998a84c94bc00c8371c44788d45cdac64
SHA512

e3e11694f6fbf40086b843697e4feedd60c393f4bb39fd0aa1a59b3b6eede077aff30e199ca2c4b6f85620a77870e4a1919367f52647255c4cfc584088ba0529

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

ldrright.beer

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4372-130-0x00000000000C0000-0x00000000000C6000-memory.dmp	IcedidFirstLoader
behavioral2/memory/4372-131-0x00000000000C0000-0x0000000000250000-memory.dmp	IcedidFirstLoader

C:\Users\Admin\AppData\Local\Temp\a9498be6ff31d2584ea31b82819f287998a84c94bc00c8371c44788d45cdac64.exe
"C:\Users\Admin\AppData\Local\Temp\a9498be6ff31d2584ea31b82819f287998a84c94bc00c8371c44788d45cdac64.exe"
1⤵
PID:4372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4372-130-0x00000000000C0000-0x00000000000C6000-memory.dmp

Filesize
24KB

Download
memory/4372-131-0x00000000000C0000-0x0000000000250000-memory.dmp

Filesize
1.6MB

Download