icedid | 1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539 | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-05-2022 03:43

Sharing

Report Analysis Logs

General

Target

1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe
Size

452KB
MD5

e606583a0c6f8faf2f441a6728d745ef
SHA1

a8e6dc619cfd2cf4409e78314abd4c55959ce02b
SHA256

1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539
SHA512

72346f9118663b5946e5393d96fe93c8186498b23eb38977b5ff8ac88e21986e4ebf84049d9bf006062d7fa1b39a991b6642aadefc556915da198a82e918ab5e

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

ldrmars.casa

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2044-54-0x00000000002E0000-0x00000000002E6000-memory.dmp	IcedidFirstLoader
behavioral1/memory/2044-57-0x00000000002D0000-0x00000000002D3000-memory.dmp	IcedidFirstLoader

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe

pid	process
2044	1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe
2044	1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe

C:\Users\Admin\AppData\Local\Temp\1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe
"C:\Users\Admin\AppData\Local\Temp\1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-54-0x00000000002E0000-0x00000000002E6000-memory.dmp

Filesize
24KB

Download
memory/2044-57-0x00000000002D0000-0x00000000002D3000-memory.dmp

Filesize
12KB

Download