Analysis
- max time kernel: 186s
- max time network: 193s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 01-07-2022 07:15
Static task: static1

Behavioral task: behavioral1
- Sample: dc6e35d1e55d1d77039e026b647c19d975114c02a541327770688eee00912f56.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: dc6e35d1e55d1d77039e026b647c19d975114c02a541327770688eee00912f56.exe
- Resource: win10v2004-20220414-en
General
- Target: dc6e35d1e55d1d77039e026b647c19d975114c02a541327770688eee00912f56.exe
- Size: 380KB
- MD5: 10da99c2fa3cc2722a5da7ce984f43cb
- SHA1: 9b4b7272f2feb3754d994c20006f0796c3a215a8
- SHA256: dc6e35d1e55d1d77039e026b647c19d975114c02a541327770688eee00912f56
- SHA512: 4532460685f6ca3af148b56719e37cbaf41323fef554d89995b78fc37ceaf7bfad19c60e5bb09cce73441819c2ef75ceb6817b05c7da94c6290cfbb6b4d578b2
Malware Config
Extracted family: icedid
- campaign id: 1604739030
- C2 domains:
- auth_var: 2
- url_path: /index.php
Signatures
- IcedID Second Stage Loader (1 IoC)
  Processes:
  - resource: behavioral2/memory/3684-133-0x0000000002D50000-0x0000000002D55000-memory.dmp
    yara_rule: IcedidSecondLoader
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
  - pid 3684, process dc6e35d1e55d1d77039e026b647c19d975114c02a541327770688eee00912f56.exe
  - pid 3684, process dc6e35d1e55d1d77039e026b647c19d975114c02a541327770688eee00912f56.exe