General
Target

66f6f1fa55a0d506c7b8e46a6600e081ef00d085b7492fdf082651e8db37fba6.exe

Filesize

304KB

Completed

08-05-2022 18:51

Task

behavioral2

Score
10/10
MD5

8b294b6025af7d8a90b69d304156f5cc

SHA1

b0d0ea067cc3700eb794762c1a3c3930a423a77c

SHA256

66f6f1fa55a0d506c7b8e46a6600e081ef00d085b7492fdf082651e8db37fba6

SHA512

d196328a02c456b40149d51cfc733c8f2946cd1522d7d688c9d21ba48f92f586d0cb3b6a5557d710a959b696e490668e4f5fac2d5390f4c774334512f5686d56

Malware Config

Extracted

Family

icedid

Botnet

1453255761

C2

startluna.club

lunat.top

Attributes

auth_var: 3
url_path: /audio/

Extracted

Family

icedid

Signatures 2

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader

    Tags

    Reported IOCs

    resource | yara_rule
    behavioral2/memory/4636-130-0x0000000000140000-0x0000000000146000-memory.dmp | IcedidSecondLoader
    behavioral2/memory/4636-131-0x0000000000140000-0x0000000000484000-memory.dmp | IcedidSecondLoader
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\66f6f1fa55a0d506c7b8e46a6600e081ef00d085b7492fdf082651e8db37fba6.exe
    "C:\Users\Admin\AppData\Local\Temp\66f6f1fa55a0d506c7b8e46a6600e081ef00d085b7492fdf082651e8db37fba6.exe"
    PID:4636
Network
MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • memory/4636-130-0x0000000000140000-0x0000000000146000-memory.dmp
  • memory/4636-131-0x0000000000140000-0x0000000000484000-memory.dmp