Analysis
- max time kernel: 157s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 01-07-2022 02:29
Static task: static1
Behavioral task: behavioral1
- Sample: 3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe
- Resource: win10v2004-20220414-en
General
- Target: 3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe
- Size: 200KB
- MD5: e79623d287cd17e5a295bbf535ee4c51
- SHA1: a5865327cd7eb1bca9f5865782ca3cbcafd2646a
- SHA256: 3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0
- SHA512: 5f2fc6e3fec8566aaf7f59871e04f99dbec63abdf17922ddf9234c6199f01bbcc6d18fe10dd2cd8d50df1dc82307478fb96054bce5b40c252ba6e55a39b35dd3
Malware Config
Extracted:
- icedid
- 2999192557
- gertuko.top
- hiperdom.top
- auth_var: 2
- url_path: /index.php
Signatures
- IcedID Second Stage Loader (1 IoCs)
  Processes:
    resource: behavioral2/memory/2212-130-0x0000000002290000-0x0000000002295000-memory.dmp
    yara_rule: IcedidSecondLoader
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
    pid: 2212, process: 3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe
    pid: 2212, process: 3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe