Overview

overview

10

Static

static

fa79f39d251232...a4.exe

windows7_x64

10

fa79f39d251232...a4.exe

windows10-2004_x64

10
General
Target

fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe

Filesize

228KB

Completed

12-05-2022 13:01

Task

behavioral2

Score
10/10
MD5

0e582f1d214712c263429692549010ef

SHA1

50c8cbdaa3b781d00e6e8df336af7620fcb90136

SHA256

fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4

SHA512

7eac85ab9f8e9ff4d7602569d363293639b997e609694ade84e8211aa9dddeec67984281f0775da6970d41e0ed9e13d6d845afaf14a3dbd1287b819d56c010ff

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid
Botnet

3940132575
C2

besitxavier.best

nazifestivo.best
Attributes
auth_var
2
url_path
/audio/
Signatures 3

Filter: none

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

    Tags

  • IcedID Second Stage Loader

    Tags

    Reported IOCs

    resourceyara_rule
    behavioral2/memory/2040-130-0x0000000002490000-0x0000000002498000-memory.dmpIcedidSecondLoader
    behavioral2/memory/2040-134-0x00000000024A0000-0x00000000024A6000-memory.dmpIcedidSecondLoader
    behavioral2/memory/2040-138-0x0000000002480000-0x0000000002485000-memory.dmpIcedidSecondLoader
  • Suspicious use of SetWindowsHookEx
    fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe

    Reported IOCs

    pidprocess
    2040fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe
    2040fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe
    "C:\Users\Admin\AppData\Local\Temp\fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4.exe"
    Suspicious use of SetWindowsHookEx
    PID:2040
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads

                          • memory/2040-130-0x0000000002490000-0x0000000002498000-memory.dmp

                            Download

                          • memory/2040-134-0x00000000024A0000-0x00000000024A6000-memory.dmp

                            Download

                          • memory/2040-138-0x0000000002480000-0x0000000002485000-memory.dmp

                            Download