icedid | c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c | Triage

Analysis

max time kernel
153s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
11-05-2022 02:59

Sharing

Report Analysis Logs

General

Target

c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c.exe
Size

165KB
MD5

7d99ebf5171054504f3334e1317a763d
SHA1

893504b39f7b53a455e7b369ac05957ae7865221
SHA256

c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c
SHA512

9e950b98cd99e3c782cf586720a9fb7e61807c5c13bef76956a360402f8a845371cd27b91e6306977fc1480720ff192e955fd187853c2f52ba53440fc564ccfd

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

loadboeing.click

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4732-130-0x0000000000490000-0x0000000000496000-memory.dmp	IcedidFirstLoader
behavioral2/memory/4732-131-0x0000000000490000-0x00000000005B6000-memory.dmp	IcedidFirstLoader

C:\Users\Admin\AppData\Local\Temp\c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c.exe
"C:\Users\Admin\AppData\Local\Temp\c7cf32f1a17f0f936a5f67418b51f03e9a5d42a376caa46a3aaa2e4c9688173c.exe"
1⤵
PID:4732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4732-130-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/4732-131-0x0000000000490000-0x00000000005B6000-memory.dmp

Filesize
1.1MB

Download