icedid | 48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb | Triage

Analysis

max time kernel
157s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
10-05-2022 17:46

Sharing

Report Analysis Logs

General

Target

48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb.exe
Size

444KB
MD5

b2376e9758c3894d917d90501a628aeb
SHA1

a6b63142de59bd8074a7fb2839e1dfaf80efea20
SHA256

48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb
SHA512

75adedd0a416ecee091f1f03c8c8994c2f01b710a81cbb159902ed129993200ba69c126c7822c55608f7505d1ff2b292278cf3e785fba01bd31b1fe50da12fac

Score

10^/10

icedid 3956128845 banker loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3956128845

C2

youandtherest.cyou

pleasurepopug.cyou

Attributes

auth_var
3
url_path
/audio/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1564-133-0x0000000000400000-0x000000000056E000-memory.dmp	IcedidSecondLoader
behavioral2/memory/1564-134-0x0000000000400000-0x0000000000406000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb.exe
"C:\Users\Admin\AppData\Local\Temp\48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb.exe"
1⤵
PID:1564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1564-133-0x0000000000400000-0x000000000056E000-memory.dmp

Filesize
1.4MB

Download
memory/1564-134-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download