icedid | 4687a29d6a32a3933c8240f0d5b8cff85a8644b6988bc6a16adf848a4e8e212e | Triage

Analysis

max time kernel
148s
max time network
181s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-05-2022 20:42

Sharing

Report Analysis Logs

General

Target

4687a29d6a32a3933c8240f0d5b8cff85a8644b6988bc6a16adf848a4e8e212e.exe
Size

228KB
MD5

0a79f532b330c5f43f00dbbbb6c7d5ad
SHA1

e0d275dbc665ba716b3fbdfa0eb22989df2a32a8
SHA256

4687a29d6a32a3933c8240f0d5b8cff85a8644b6988bc6a16adf848a4e8e212e
SHA512

f2c8252f21b81109c6ed5af4390f72b902318d0d70f9323f810c9361e389bb56743edcf2e4824375e3867573b29fa83902c45e077352480c12023907d3bdea8b

Score

10^/10

icedid 3890424169 banker loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3890424169

C2

fasederro.site

delemano.online

Attributes

auth_var
3
url_path
/audio/

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1468-55-0x00000000003B0000-0x00000000003B6000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1468-56-0x00000000003B0000-0x0000000000C85000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\4687a29d6a32a3933c8240f0d5b8cff85a8644b6988bc6a16adf848a4e8e212e.exe
"C:\Users\Admin\AppData\Local\Temp\4687a29d6a32a3933c8240f0d5b8cff85a8644b6988bc6a16adf848a4e8e212e.exe"
1⤵
PID:1468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1468-54-0x0000000076C81000-0x0000000076C83000-memory.dmp

Filesize
8KB

Download
memory/1468-55-0x00000000003B0000-0x00000000003B6000-memory.dmp

Filesize
24KB

Download
memory/1468-56-0x00000000003B0000-0x0000000000C85000-memory.dmp

Filesize
8.8MB

Download