Sample: fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe
Size: 228KB
Date: 12-05-2022 13:01
Analysis: behavioral1
MD5: 0e582f1d214712c263429692549010ef
SHA1: 50c8cbdaa3b781d00e6e8df336af7620fcb90136
SHA256: fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4
SHA512: 7eac85ab9f8e9ff4d7602569d363293639b997e609694ade84e8211aa9dddeec67984281f0775da6970d41e0ed9e13d6d845afaf14a3dbd1287b819d56c010ff
Extracted configuration
Family: icedid
Botnet: 3940132575
C2: besitxavier.best, nazifestivo.best
Attributes:
  auth_var: 2
  url_path: /audio/
IcedID, BokBot
Description: IcedID is a banking trojan capable of stealing credentials.
IcedID Second Stage Loader
Reported IOCs (yara_rule resource):
  behavioral1/memory/2040-55-0x0000000000370000-0x0000000000378000-memory.dmp  IcedidSecondLoader
  behavioral1/memory/2040-59-0x0000000000380000-0x0000000000386000-memory.dmp  IcedidSecondLoader
  behavioral1/memory/2040-63-0x0000000000360000-0x0000000000365000-memory.dmp  IcedidSecondLoader
Suspicious use of SetWindowsHookEx
Reported IOCs (pid, process):
  2040  fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe
  2040  fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe
Process
  Path: C:\Users\Admin\AppData\Local\Temp\fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe"
  Signature: Suspicious use of SetWindowsHookEx

Memory dumps
  memory/2040-54-0x0000000076261000-0x0000000076263000-memory.dmp
  memory/2040-55-0x0000000000370000-0x0000000000378000-memory.dmp
  memory/2040-59-0x0000000000380000-0x0000000000386000-memory.dmp
  memory/2040-63-0x0000000000360000-0x0000000000365000-memory.dmp