Analysis

  • max time kernel
    125s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/07/2022, 16:54

General

  • Target

    fucku.exe

  • Size

    32KB

  • MD5

    0bf8ec378d4f3f2ef4a98fbb47de1ef1

  • SHA1

    5aec34e5c1620fb15ce25c856b8f578e3e1459b2

  • SHA256

    5fe7fd8c6b0e160b8968e82d3d90569813654aeac2313bc7fdd3284c80cadb7f

  • SHA512

    ede1d64b57ffbc5beccb01b27d4f4446712420e10a4689955e2d573fa892d335c8b680ee38d0d339932766beea65be77b86bdccd396d6e942f3403026d72116a

Malware Config

Extracted

Family

icedid

Campaign

2492795688

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fucku.exe
    "C:\Users\Admin\AppData\Local\Temp\fucku.exe"
    • Suspicious behavior: EnumeratesProcesses
    PID:1976

Network
