Analysis

  • max time kernel
    150s
  • max time network
    170s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    11-05-2022 13:51

General

  • Target

    a4621ec7daf679ae7a1a787dfddfd5c0705dcc9199eb4bb73e16e37e167bd755.exe

  • Size

    228KB

  • MD5

    b08c946dbd7903d782a03427a58e17e2

  • SHA1

    764722588d98efd361638fbca5c1b92bf7ea1c96

  • SHA256

    a4621ec7daf679ae7a1a787dfddfd5c0705dcc9199eb4bb73e16e37e167bd755

  • SHA512

    e6af8b298f402d2093592c025c900139c3da16a7649475fece368d395c34d3a60ecd5dc8efdb6f72e216a9182ceff9fa09fa2154e5b4a6124b9a643074eba544

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

1453255761

C2

startluna.club

lunat.top

Attributes
  • auth_var

    2

  • url_path

    /audio/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4621ec7daf679ae7a1a787dfddfd5c0705dcc9199eb4bb73e16e37e167bd755.exe
    "C:\Users\Admin\AppData\Local\Temp\a4621ec7daf679ae7a1a787dfddfd5c0705dcc9199eb4bb73e16e37e167bd755.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1068-54-0x0000000075DE1000-0x0000000075DE3000-memory.dmp

    Filesize

    8KB

  • memory/1068-55-0x0000000000380000-0x0000000000388000-memory.dmp

    Filesize

    32KB

  • memory/1068-59-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

  • memory/1068-63-0x0000000000370000-0x0000000000375000-memory.dmp

    Filesize

    20KB