icedid | 77a403ad73f8f6b4dd09f90d1aa10f7f205e86ff2e14cacc0afb7d8a6ef98dfe | Triage

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
08-05-2022 16:40

Sharing

Report Analysis Logs

General

Target

77a403ad73f8f6b4dd09f90d1aa10f7f205e86ff2e14cacc0afb7d8a6ef98dfe.exe
Size

1.4MB
MD5

0a8b8ed31e374f570ce8a5c0800ee3e1
SHA1

af00de5748f8bb5e8ed6836863eb62992392ae2a
SHA256

77a403ad73f8f6b4dd09f90d1aa10f7f205e86ff2e14cacc0afb7d8a6ef98dfe
SHA512

f984cc71bae00c68cd227705eb9e6f3247b761245afc40a0d73ea7c34a87eea3a8333e0da20cabd4d27c97ea26a9e105adf039c2dcdc3ae06d68fe35f291d5f4

Score

10^/10

icedid 2606458729 banker loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

2606458729

C2

ruwedolki.pw

2014connflikki.pw

Attributes

auth_var
1
url_path
/audio/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4788-130-0x0000000000600000-0x000000000086B000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4788-131-0x0000000000600000-0x0000000000606000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\77a403ad73f8f6b4dd09f90d1aa10f7f205e86ff2e14cacc0afb7d8a6ef98dfe.exe
"C:\Users\Admin\AppData\Local\Temp\77a403ad73f8f6b4dd09f90d1aa10f7f205e86ff2e14cacc0afb7d8a6ef98dfe.exe"
1⤵
PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4788-130-0x0000000000600000-0x000000000086B000-memory.dmp

Filesize
2.4MB

Download
memory/4788-131-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download