icedid | 9740209b371081d4a36183cc227fc5f978c9bba65b3db7c4a58f6a64c7514d89 | Triage

Analysis

max time kernel
156s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
08-05-2022 19:17

Sharing

Report Analysis Logs

General

Target

9740209b371081d4a36183cc227fc5f978c9bba65b3db7c4a58f6a64c7514d89.exe
Size

547KB
MD5

4284e33d5acd0c3f537bc0a03b27b289
SHA1

8e446941e1b727fd4b32002c3848c568b473817b
SHA256

9740209b371081d4a36183cc227fc5f978c9bba65b3db7c4a58f6a64c7514d89
SHA512

0561ccf43541531af17012294379e0e2bc5b3c3595691eb0ea44ff54ad8988633fb327220ce0a484602442a87f52cba11dbee5d4def415377a035891949510c5

Score

10^/10

icedid 1076950734 banker loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1076950734

C2

justiceminister.best

fivejudgescatholic.cyou

Attributes

auth_var
2
url_path
/audio/

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2764-130-0x00000000008C0000-0x00000000008C6000-memory.dmp	IcedidSecondLoader
behavioral2/memory/2764-131-0x00000000008C0000-0x0000000000A43000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\9740209b371081d4a36183cc227fc5f978c9bba65b3db7c4a58f6a64c7514d89.exe
"C:\Users\Admin\AppData\Local\Temp\9740209b371081d4a36183cc227fc5f978c9bba65b3db7c4a58f6a64c7514d89.exe"
1⤵
PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2764-130-0x00000000008C0000-0x00000000008C6000-memory.dmp

Filesize
24KB

Download
memory/2764-131-0x00000000008C0000-0x0000000000A43000-memory.dmp

Filesize
1.5MB

Download