icedid | 4939b61eb011cc10deba126cd09a2106b7ed7c1e41895c00a3de388ca1c5348d | Triage

Analysis

max time kernel
147s
max time network
150s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-05-2022 15:36

Sharing

Report Analysis Logs

General

Target

4939b61eb011cc10deba126cd09a2106b7ed7c1e41895c00a3de388ca1c5348d.exe
Size

405KB
MD5

d7e0c89bbb42aef8d64f97a0efb6b1b0
SHA1

1600e95f0b4c4dd545adcaefe2ffb1c93eb89989
SHA256

4939b61eb011cc10deba126cd09a2106b7ed7c1e41895c00a3de388ca1c5348d
SHA512

4b46b5e8ca257e6c51e218cb7c6ce17919a11ea9567868bfe02b22352752ec50e716804a1cce31c6fe26db55135728614353e8491cb81e15eae7a238b7514c21

Score

10^/10

icedid 4253634279 banker loader trojan

Malware Config

Extracted

Family

icedid

Botnet

4253634279

C2

90volizmu.pw

sellsold.pw

Attributes

auth_var
2
url_path
/audio/

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1532-55-0x00000000000F0000-0x00000000000F6000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1532-56-0x00000000000F0000-0x0000000000255000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\4939b61eb011cc10deba126cd09a2106b7ed7c1e41895c00a3de388ca1c5348d.exe
"C:\Users\Admin\AppData\Local\Temp\4939b61eb011cc10deba126cd09a2106b7ed7c1e41895c00a3de388ca1c5348d.exe"
1⤵
PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1532-54-0x0000000075581000-0x0000000075583000-memory.dmp

Filesize
8KB

Download
memory/1532-55-0x00000000000F0000-0x00000000000F6000-memory.dmp

Filesize
24KB

Download
memory/1532-56-0x00000000000F0000-0x0000000000255000-memory.dmp

Filesize
1.4MB

Download