Behavioral Report

max time kernel139s
max time network152s
platformwindows10-2004_x64
resourcewin10v2004-20220414-en
submitted08-05-2022 16:40

Report
Files
Registry
Network
Processes
Mutex
Misc

Target

66f6f1fa55a0d506c7b8e46a6600e081ef00d085b7492fdf082651e8db37fba6.exe

Filesize

304KB

Completed

08-05-2022 18:51

Task

behavioral2

Score

10^/10

MD5

8b294b6025af7d8a90b69d304156f5cc

SHA1

b0d0ea067cc3700eb794762c1a3c3930a423a77c

SHA256

66f6f1fa55a0d506c7b8e46a6600e081ef00d085b7492fdf082651e8db37fba6

SHA512

d196328a02c456b40149d51cfc733c8f2946cd1522d7d688c9d21ba48f92f586d0cb3b6a5557d710a959b696e490668e4f5fac2d5390f4c774334512f5686d56

icedid 1453255761 banker loader trojan

Extracted

Family	icedid
Botnet	1453255761
C2	startluna.club lunat.top startluna.club lunat.top
Attributes	auth_var 3 url_path /audio/

Extracted

Family

icedid

IcedID, BokBot

Description

IcedID is a banking trojan capable of stealing credentials.

Tags

trojan banker icedid

IcedID Second Stage Loader

Reported IOCs

resource	yara_rule
behavioral2/memory/4636-130-0x0000000000140000-0x0000000000146000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4636-131-0x0000000000140000-0x0000000000484000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\66f6f1fa55a0d506c7b8e46a6600e081ef00d085b7492fdf082651e8db37fba6.exe

"C:\Users\Admin\AppData\Local\Temp\66f6f1fa55a0d506c7b8e46a6600e081ef00d085b7492fdf082651e8db37fba6.exe"

PID:4636

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

00:00 00:00

memory/4636-130-0x0000000000140000-0x0000000000146000-memory.dmp

Download
memory/4636-131-0x0000000000140000-0x0000000000484000-memory.dmp

Download

Extracted

Extracted

Filter: none

Description

Tags

Tags

Reported IOCs

Title