Analysis

  • max time kernel
    152s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    08-05-2022 16:40

General

  • Target

    a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f.exe

  • Size

    268KB

  • MD5

    a708a9b2a5430ce8e284ca556586a866

  • SHA1

    67f49fcf77d7e0229a7348129eec09e4911329e1

  • SHA256

    a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f

  • SHA512

    3fb899d3c4278052861a55b81c3229d7eac09c8b80082fe6bb2d9be404fbc83b6809050b6d00359b66a2c8f0d74665a4b8afe648bd0980eefba48348593967fb

Malware Config

Extracted

Family

icedid

Botnet

22672422

C2

eastzrada.club

feder5ru.club

adwerife.cyou

proanaliz.top

vzaimrazv.cyou

pipulosha.cyou

Attributes
auth_var
5
url_path
/audio/

Extracted

Family

icedid

Signatures 2

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader ⋅ 2 IoCs

Processes 1

  • C:\Users\Admin\AppData\Local\Temp\a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f.exe
    "C:\Users\Admin\AppData\Local\Temp\a2e5a2c63648d6e8c54a7baac4fb0bc557aa0c8a7ab59dceafb076530f2dd26f.exe"
    PID:1944

Network

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation

                          Replay Monitor

                          00:00 00:00

                          Downloads

                          • memory/1944-54-0x00000000753C1000-0x00000000753C3000-memory.dmp
                          • memory/1944-55-0x0000000000DE0000-0x0000000000DE6000-memory.dmp
                          • memory/1944-56-0x0000000000DE0000-0x0000000000F18000-memory.dmp