icedid | a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f | Triage

Analysis

max time kernel
152s
max time network
159s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-05-2022 16:40

Sharing

Report Analysis Logs

General

Target

a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f.exe
Size

268KB
MD5

a708a9b2a5430ce8e284ca556586a866
SHA1

67f49fcf77d7e0229a7348129eec09e4911329e1
SHA256

a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f
SHA512

3fb899d3c4278052861a55b81c3229d7eac09c8b80082fe6bb2d9be404fbc83b6809050b6d00359b66a2c8f0d74665a4b8afe648bd0980eefba48348593967fb

Score

10^/10

icedid 22672422 banker loader trojan

Malware Config

Extracted

Family

icedid

Botnet

22672422

C2

eastzrada.club

feder5ru.club

adwerife.cyou

proanaliz.top

vzaimrazv.cyou

pipulosha.cyou

Attributes

auth_var
5
url_path
/audio/

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1944-55-0x0000000000DE0000-0x0000000000DE6000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1944-56-0x0000000000DE0000-0x0000000000F18000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f.exe
"C:\Users\Admin\AppData\Local\Temp\a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f.exe"
1⤵
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-54-0x00000000753C1000-0x00000000753C3000-memory.dmp

Filesize
8KB

Download
memory/1944-55-0x0000000000DE0000-0x0000000000DE6000-memory.dmp

Filesize
24KB

Download
memory/1944-56-0x0000000000DE0000-0x0000000000F18000-memory.dmp

Filesize
1.2MB

Download