icedid | c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c | Triage

Analysis

max time kernel
130s
max time network
161s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-05-2022 02:59

Sharing

Report Analysis Logs

General

Target

c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c.exe
Size

165KB
MD5

7d99ebf5171054504f3334e1317a763d
SHA1

893504b39f7b53a455e7b369ac05957ae7865221
SHA256

c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c
SHA512

9e950b98cd99e3c782cf586720a9fb7e61807c5c13bef76956a360402f8a845371cd27b91e6306977fc1480720ff192e955fd187853c2f52ba53440fc564ccfd

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

loadboeing.click

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1212-55-0x0000000000500000-0x0000000000626000-memory.dmp	IcedidFirstLoader
behavioral1/memory/1212-56-0x0000000000500000-0x0000000000506000-memory.dmp	IcedidFirstLoader

C:\Users\Admin\AppData\Local\Temp\c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c.exe
"C:\Users\Admin\AppData\Local\Temp\c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c.exe"
1⤵
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-54-0x00000000755C1000-0x00000000755C3000-memory.dmp

Filesize
8KB

Download
memory/1212-55-0x0000000000500000-0x0000000000626000-memory.dmp

Filesize
1.1MB

Download
memory/1212-56-0x0000000000500000-0x0000000000506000-memory.dmp

Filesize
24KB

Download