Malware Analysis Report

2025-08-06 04:16

Sample ID: 220722-vehsfagffn
Target: fucku.exe
SHA256: 5fe7fd8c6b0e160b8968e82d3d90569813654aeac2313bc7fdd3284c80cadb7f
Tags: icedid 2492795688 banker suricata trojan loader
Score: 10/10

Analysis Overview

score
10/10

SHA256

5fe7fd8c6b0e160b8968e82d3d90569813654aeac2313bc7fdd3284c80cadb7f

Threat Level: Known bad

The file fucku.exe was found to be: Known bad.

Malicious Activity Summary

icedid 2492795688 banker suricata trojan loader

IcedID, BokBot

suricata: ET MALWARE Win32/IcedID Request Cookie

Icedid family

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-07-22 16:54

Signatures

Icedid family

icedid

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-22 16:54

Reported

2022-07-22 16:57

Platform

win7-20220718-en

Max time kernel

125s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fucku.exe"

Signatures

IcedID, BokBot

trojan banker icedid

suricata: ET MALWARE Win32/IcedID Request Cookie

suricata

Suspicious behavior: EnumeratesProcesses

Description  Indicator  Process                                      Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\fucku.exe  N/A
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\fucku.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fucku.exe

"C:\Users\Admin\AppData\Local\Temp\fucku.exe"

Network

Country  Destination        Domain             Proto
US       8.8.8.8:53         greenfairsaid.com  udp
DE       164.92.253.181:80  greenfairsaid.com  tcp
DE       164.92.253.181:80  greenfairsaid.com  tcp
DE       164.92.253.181:80  greenfairsaid.com  tcp

Files

N/A