icedid | 12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090 | Triage

Analysis

max time kernel
156s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
23-05-2022 21:28

Sharing

Report Analysis Logs

General

Target

12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090.exe
Size

82KB
MD5

83b5eb867110403cc72819463a807b73
SHA1

efc2f8f7584a633103aa568600b977312ecb9dd7
SHA256

12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090
SHA512

2379e8543022691b67cddb4a2d571c06d949dd6638f72c3569f52908a1449a42aca11ad7a3afa0b3bf884ee64dee388744db87f29a238c6d4ffac7f135f34844

Score

10^/10

icedid 2794990697 banker loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

2794990697

C2

sheaffic.org

memphase.com

vulcate.com

sheaffic.com

eurobable.com

Attributes

auth_var
1
url_path
/index.php

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1792-130-0x0000000000FC0000-0x0000000001172000-memory.dmp	IcedidSecondLoader
behavioral2/memory/1792-131-0x0000000000FC0000-0x0000000000FC5000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090.exe
"C:\Users\Admin\AppData\Local\Temp\12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090.exe"
1⤵
PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1792-130-0x0000000000FC0000-0x0000000001172000-memory.dmp

Filesize
1.7MB

Download
memory/1792-131-0x0000000000FC0000-0x0000000000FC5000-memory.dmp

Filesize
20KB

Download