icedid | 1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa | Triage

Analysis

max time kernel
137s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
23-05-2022 17:37

Sharing

Report Analysis Logs

General

Target

1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa.exe
Size

2.9MB
MD5

8970a3db9f39923a4ef16fb39cd8acc5
SHA1

caaca63a223df4aa52e37850cad18274aab9cb96
SHA256

1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa
SHA512

5f3f7449c79d1f7ca75940366fb5abc8d30fd6a336431ad1a47c4530a64cb93bbf4d7ccbcb22756f04971e2d8cd987d5acc7bdb32cbb16ec3b15b49eef5309bb

Score

10^/10

icedid 3826577017 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3826577017

C2

pilatylu.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa.exe

pid	process
2584	1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa.exe
2584	1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa.exe

C:\Users\Admin\AppData\Local\Temp\1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa.exe
"C:\Users\Admin\AppData\Local\Temp\1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2584-130-0x0000000140000000-0x0000000140008000-memory.dmp

Filesize
32KB

Download