icedid | 24de1a4864b877111012b4f13ad387286fca4650e0dca150d89c8fee0a36fce3 | Triage

Analysis

max time kernel
132s
max time network
148s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-06-2022 20:56

Sharing

Report Analysis Logs

General

Target

24de1a4864b877111012b4f13ad387286fca4650e0dca150d89c8fee0a36fce3.exe
Size

81KB
MD5

6d52247333851a0d62d99920312bb4dd
SHA1

264de4f0d9352750e59a706b5ca4634c980f50b1
SHA256

24de1a4864b877111012b4f13ad387286fca4650e0dca150d89c8fee0a36fce3
SHA512

cfb5d4b3937fc90a1231c39c3c54891424306fd30f13adc2e21c9470a5e7e67224ec3860e5c65db6505b6b6fc938c4c65e1ebcc3f7c9a224cb71d2d03ff34b94

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/336-56-0x0000000000220000-0x0000000000223000-memory.dmp	IcedidSecondLoader
behavioral1/memory/336-57-0x0000000000400000-0x0000000000429000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\24de1a4864b877111012b4f13ad387286fca4650e0dca150d89c8fee0a36fce3.exe
"C:\Users\Admin\AppData\Local\Temp\24de1a4864b877111012b4f13ad387286fca4650e0dca150d89c8fee0a36fce3.exe"
1⤵
PID:336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/336-54-0x00000000752A1000-0x00000000752A3000-memory.dmp

Filesize
8KB

Download
memory/336-56-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/336-55-0x000000000058B000-0x000000000058E000-memory.dmp

Filesize
12KB

Download
memory/336-57-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download