icedid | 1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539 | Triage

Analysis

max time kernel
153s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
11-05-2022 03:43

Sharing

Report Analysis Logs

General

Target

1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe
Size

452KB
MD5

e606583a0c6f8faf2f441a6728d745ef
SHA1

a8e6dc619cfd2cf4409e78314abd4c55959ce02b
SHA256

1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539
SHA512

72346f9118663b5946e5393d96fe93c8186498b23eb38977b5ff8ac88e21986e4ebf84049d9bf006062d7fa1b39a991b6642aadefc556915da198a82e918ab5e

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

ldrmars.casa

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4992-130-0x0000000000B00000-0x0000000000B03000-memory.dmp	IcedidFirstLoader
behavioral2/memory/4992-131-0x0000000000B20000-0x0000000000B26000-memory.dmp	IcedidFirstLoader

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe

pid	process
4992	1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe
4992	1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe

C:\Users\Admin\AppData\Local\Temp\1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe
"C:\Users\Admin\AppData\Local\Temp\1f7fff6b4a5d43dec3503258fdf56467047f285ff85bd14ad6bbe617c794b539.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4992-130-0x0000000000B00000-0x0000000000B03000-memory.dmp

Filesize
12KB

Download
memory/4992-131-0x0000000000B20000-0x0000000000B26000-memory.dmp

Filesize
24KB

Download