Overview

overview

10

Static

static

08966fc06c...d5.exe

windows7_x64

10

08966fc06c...d5.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    30-05-2022 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08966fc06c2e26f4dbb36f50812afd3863aa7ae04463bc931506a97a8d866cd5.exe

  • Size

    220KB

  • MD5

    1a7c450bdcfe99da1427d976de6d7246

  • SHA1

    ddd5895e7837abfed13e28630e21884901966f4f

  • SHA256

    08966fc06c2e26f4dbb36f50812afd3863aa7ae04463bc931506a97a8d866cd5

  • SHA512

    0403918e746f9906e91a90bc3442649666ef49ac559d53daca6b25a50ca067d20926dd5a3f7f097a91df3b6db07396d011bbe41f3a3deb3a2010ce2f9e82fa37

Score
10/10
icedid513366864bankerloadertrojan

Malware Config

Extracted

Family

icedid

Botnet

513366864

C2

gfthwards.com

gfthwards.eu

gfthwards.net

presifered.com
Attributes
  • auth_var

    8

  • url_path

    /index.php

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 1 IoCs
    loader
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08966fc06c2e26f4dbb36f50812afd3863aa7ae04463bc931506a97a8d866cd5.exe
    "C:\Users\Admin\AppData\Local\Temp\08966fc06c2e26f4dbb36f50812afd3863aa7ae04463bc931506a97a8d866cd5.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/376-57-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-58-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-59-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-60-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-61-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-62-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-63-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-64-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-65-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-66-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-67-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-68-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-69-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/376-70-0x00000000764C1000-0x00000000764C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/376-71-0x0000000000310000-0x0000000000315000-memory.dmp

    Filesize

    20KB

    Download

  • memory/376-75-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download