icedid | 86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16

Analysis

Target

86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16.exe
Size

228KB
MD5

dd11fb3c9d76df104dd54cab9eabc403
SHA1

63f7f1b2281f82bec711ab3dc490abde5a24f288
SHA256

86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16
SHA512

1532121e4d03955f5a4c33bd622a5da09357b37448ea923dacf12ca98e77af822de1dc3af3cd773f23d175c9b1cf5c42e914b01dbd150528d62e46b738f01949

Score

10^/10

Family

icedid

Family

icedid

Botnet

3940132575

besitxavier.best

nazifestivo.best

Attributes

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 3 IoCs

loader

Processes:

resource	yara_rule
behavioral2/memory/1660-130-0x0000000002360000-0x0000000002368000-memory.dmp	IcedidSecondLoader
behavioral2/memory/1660-134-0x0000000002380000-0x0000000002386000-memory.dmp	IcedidSecondLoader
behavioral2/memory/1660-138-0x00000000020D0000-0x00000000020D5000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16.exe

pid	process
1660	86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16.exe
1660	86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16.exe

C:\Users\Admin\AppData\Local\Temp\86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16.exe
"C:\Users\Admin\AppData\Local\Temp\86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1660

memory/1660-130-0x0000000002360000-0x0000000002368000-memory.dmp

Filesize
32KB

Download
memory/1660-134-0x0000000002380000-0x0000000002386000-memory.dmp

Filesize
24KB

Download
memory/1660-138-0x00000000020D0000-0x00000000020D5000-memory.dmp

Filesize
20KB

Download