Analysis
-
max time kernel
112s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
01-07-2022 03:29
General
-
Target
761114840822ac2ca103b8def7f30264034b0b783bed1127ba27ae5e13987d46.exe
-
Size
1.5MB
-
MD5
a44128ac144b7b03b9a18a1b3b81a3ab
-
SHA1
9d2afb0890ece493ddd68cd372d02d0e4b2edd70
-
SHA256
761114840822ac2ca103b8def7f30264034b0b783bed1127ba27ae5e13987d46
-
SHA512
6d6b18856ddc7aa192528e7621cf5c4e2b817885b2c1c973428ed6ef73c66d5c81d94acf24b96765189d3e10badcdb44c9a4d52838344c114a56001ea0eafcaf
Score
10/10
Malware Config
Extracted
Family
icedid
Botnet
2794990697
C2
sheaffic.org
memphase.com
vulcate.com
sheaffic.com
eurobable.com
Attributes
-
auth_var
1
-
url_path
/index.php
Extracted
Family
icedid
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
IcedID Second Stage Loader 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\761114840822ac2ca103b8def7f30264034b0b783bed1127ba27ae5e13987d46.exe"C:\Users\Admin\AppData\Local\Temp\761114840822ac2ca103b8def7f30264034b0b783bed1127ba27ae5e13987d46.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/336-54-0x0000000075711000-0x0000000075713000-memory.dmpFilesize
8KB
-
memory/336-55-0x0000000000250000-0x0000000000417000-memory.dmpFilesize
1.8MB
-
memory/336-56-0x0000000000250000-0x0000000000255000-memory.dmpFilesize
20KB
-
memory/336-57-0x0000000000250000-0x0000000000417000-memory.dmpFilesize
1.8MB