icedid | bab32f942f49f174fedb3bfbb439bb2ec8abc558d303e7e12b4dd49622813551 | Triage

Analysis

max time kernel
201s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-05-2022 18:48

Sharing

Report Analysis Logs

General

Target

bab32f942f49f174fedb3bfbb439bb2ec8abc558d303e7e12b4dd49622813551.exe
Size

130KB
MD5

b8fb44a0af2790cf9f840d07293bbbf7
SHA1

f8462cf74511361d6b0fe47a3684544e946ee5ea
SHA256

bab32f942f49f174fedb3bfbb439bb2ec8abc558d303e7e12b4dd49622813551
SHA512

cc424dbc4efe976b74ed6437ec5dad050054b8688c937e075dfb70e6285c24e1658a4504303c01ed0b93459cfb28708ccc2563a94b607d73dc82a64290ce3172

Score

10^/10

icedid 407810942 banker loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

407810942

C2

laroshelle.best

appleparkca.best

bigbonmax.best

applethecompany.best

bulbulmeni.best

Attributes

auth_var
7
url_path
/index.php

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4252-130-0x0000000000E90000-0x0000000000ECC000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4252-131-0x0000000000E90000-0x0000000000E95000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\bab32f942f49f174fedb3bfbb439bb2ec8abc558d303e7e12b4dd49622813551.exe
"C:\Users\Admin\AppData\Local\Temp\bab32f942f49f174fedb3bfbb439bb2ec8abc558d303e7e12b4dd49622813551.exe"
1⤵
PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4252-130-0x0000000000E90000-0x0000000000ECC000-memory.dmp

Filesize
240KB

Download
memory/4252-131-0x0000000000E90000-0x0000000000E95000-memory.dmp

Filesize
20KB

Download