icedid | f8f351415ee7c63613aede4a8b4642c2afa432396ef5f949a1b8e6a58210f41e | Triage

Analysis

max time kernel
199s
max time network
199s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-05-2022 01:04

Sharing

Report Analysis Logs

General

Target

f8f351415ee7c63613aede4a8b4642c2afa432396ef5f949a1b8e6a58210f41e.exe
Size

238KB
MD5

62ed03b882afc7078cc3bd6563f4a608
SHA1

eac946a5a75735f110ac66aede384676b2094ae6
SHA256

f8f351415ee7c63613aede4a8b4642c2afa432396ef5f949a1b8e6a58210f41e
SHA512

a1d6b9138fa00dbf0aa0aaafe013d3f3203d40a2ac6eb4b98d3896af6cce9df640c373fb85296e718b1e5bf87fb36d4abc094416e8948b947081cd87c050937d

Score

10^/10

icedid 2635507097 banker loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

2635507097

C2

rufepuksuka.cyou

uzhokpidarok.cyou

Attributes

auth_var
1
url_path
/audio/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1216-55-0x0000000000B30000-0x0000000000C6C000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1216-56-0x0000000000B30000-0x0000000000B36000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\f8f351415ee7c63613aede4a8b4642c2afa432396ef5f949a1b8e6a58210f41e.exe
"C:\Users\Admin\AppData\Local\Temp\f8f351415ee7c63613aede4a8b4642c2afa432396ef5f949a1b8e6a58210f41e.exe"
1⤵
PID:1216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1216-54-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1216-55-0x0000000000B30000-0x0000000000C6C000-memory.dmp

Filesize
1.2MB

Download
memory/1216-56-0x0000000000B30000-0x0000000000B36000-memory.dmp

Filesize
24KB

Download