Overview

overview

10

Static

static

48fd13b164...bb.exe

windows7_x64

10

48fd13b164...bb.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    157s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    10-05-2022 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb.exe

  • Size

    444KB

  • MD5

    b2376e9758c3894d917d90501a628aeb

  • SHA1

    a6b63142de59bd8074a7fb2839e1dfaf80efea20

  • SHA256

    48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb

  • SHA512

    75adedd0a416ecee091f1f03c8c8994c2f01b710a81cbb159902ed129993200ba69c126c7822c55608f7505d1ff2b292278cf3e785fba01bd31b1fe50da12fac

Score
10/10
icedid3956128845bankerloadertrojan

Malware Config

Extracted

Family

icedid

Botnet

3956128845

C2

youandtherest.cyou

pleasurepopug.cyou
Attributes
  • auth_var

    3

  • url_path

    /audio/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader

Processes

  • C:\Users\Admin\AppData\Local\Temp\48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb.exe
    "C:\Users\Admin\AppData\Local\Temp\48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb.exe"
    1⤵
      PID:1564

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1564-133-0x0000000000400000-0x000000000056E000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1564-134-0x0000000000400000-0x0000000000406000-memory.dmp
      Filesize

      24KB

      Download