icedid | 3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0 | Triage

Analysis

max time kernel
157s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 02:29

Sharing

Report Analysis Logs

General

Target

3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe
Size

200KB
MD5

e79623d287cd17e5a295bbf535ee4c51
SHA1

a5865327cd7eb1bca9f5865782ca3cbcafd2646a
SHA256

3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0
SHA512

5f2fc6e3fec8566aaf7f59871e04f99dbec63abdf17922ddf9234c6199f01bbcc6d18fe10dd2cd8d50df1dc82307478fb96054bce5b40c252ba6e55a39b35dd3

Score

10^/10

icedid 2999192557 banker loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2999192557

C2

gertuko.top

hiperdom.top

Attributes

auth_var
2
url_path
/index.php

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2212-130-0x0000000002290000-0x0000000002295000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe

pid	process
2212	3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe
2212	3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe

C:\Users\Admin\AppData\Local\Temp\3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe
"C:\Users\Admin\AppData\Local\Temp\3f2c479933e764f90d6158ecc7bd43854bb2349410271ccdb4196f7832983aa0.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2212-130-0x0000000002290000-0x0000000002295000-memory.dmp

Filesize
20KB

Download