Overview

overview

10

Static

static

006f25f0a2...7b.exe

windows7-x64

10

006f25f0a2...7b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    30-09-2022 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    006f25f0a2b68b8492f291760da38d7b.exe

  • Size

    148KB

  • MD5

    006f25f0a2b68b8492f291760da38d7b

  • SHA1

    92ed72aedb1fd4d20c58c1805032564c5a29f141

  • SHA256

    8992cb202c810f333f41f55eac418b2924c5fab57c883721e9fbe1ab8e06233f

  • SHA512

    1d4d072473aef4477251e6b9cecbd253ee5949157200b0e6346a6493350ddc384cd4ae292dfc040f8bfd1a2335ec04c73657f68fc4042c2e13e34938dde914bf

  • SSDEEP

    1536:1gkpq7SF0ivbmqBrUNzeNLwnAMzPO3YI2Tmogeg+aMzPz8ZUvMWHnTX9ZSk1kyI1:1gUsivhrUYNMGIRFg+a28VeTH2iBS

Score
10/10
icedid1384743275bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1384743275

C2

ranmilokd.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\006f25f0a2b68b8492f291760da38d7b.exe
    "C:\Users\Admin\AppData\Local\Temp\006f25f0a2b68b8492f291760da38d7b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1880-54-0x0000000140000000-0x0000000140008000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1880-60-0x0000000000400000-0x0000000000427000-memory.dmp
    Filesize

    156KB

    Download