icedid | d427663fedfee334210eb15278b4692397bba0a7e9f26482a13850049e723a59 | Triage

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-05-2022 04:43

Sharing

Report Analysis Logs

General

Target

d427663fedfee334210eb15278b4692397bba0a7e9f26482a13850049e723a59.exe
Size

140KB
MD5

14a9adc57e334f3cb9a849346d8679b2
SHA1

aaaf140bfc1e01832895ec2a393906c982775e67
SHA256

d427663fedfee334210eb15278b4692397bba0a7e9f26482a13850049e723a59
SHA512

c170848dd097d09bf831db8835992d886c30049dfac619c139de4b48ef503f278a86796bb26b17fcb3cc850d41fe584b0b864a1c4b7595d8b0468156cc5ab6de

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2632-131-0x00000000026B0000-0x00000000026B3000-memory.dmp	IcedidSecondLoader
behavioral2/memory/2632-132-0x0000000000400000-0x0000000000975000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\d427663fedfee334210eb15278b4692397bba0a7e9f26482a13850049e723a59.exe
"C:\Users\Admin\AppData\Local\Temp\d427663fedfee334210eb15278b4692397bba0a7e9f26482a13850049e723a59.exe"
1⤵
PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2632-131-0x00000000026B0000-0x00000000026B3000-memory.dmp

Filesize
12KB

Download
memory/2632-130-0x0000000000C1E000-0x0000000000C22000-memory.dmp

Filesize
16KB

Download
memory/2632-132-0x0000000000400000-0x0000000000975000-memory.dmp

Filesize
5.5MB

Download