icedid | 5397c0a9bed881d599e89ce303475f852ad677e248036f1b8d273051f1a50da0

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 12:19

Target

5397c0a9bed881d599e89ce303475f852ad677e248036f1b8d273051f1a50da0.exe
Size

596KB
MD5

14545a35632ed4da111face279f17c67
SHA1

3d557bf8f649b4a0ec328c82b4178846b5854dec
SHA256

5397c0a9bed881d599e89ce303475f852ad677e248036f1b8d273051f1a50da0
SHA512

0d8b5d935f289d33f64883a6f9523d29f2e83a4da9f00d46224ea745db7be13300d770a62052b7e924492c55297a14920c639e854973d732cc644e511af38277
SSDEEP

6144:KQJt0hn3E6U3DHpwKyLmKyLmKyLKjP0ux89vqqrDanemkfUPFQ/dA:tu1spwkkwjh8tGXkcM2

Score

10^/10

Family

icedid

Campaign

181658900

asiksliopakt.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

5397c0a9bed881d599e89ce303475f852ad677e248036f1b8d273051f1a50da0.exe

pid	process
1264	5397c0a9bed881d599e89ce303475f852ad677e248036f1b8d273051f1a50da0.exe
1264	5397c0a9bed881d599e89ce303475f852ad677e248036f1b8d273051f1a50da0.exe

C:\Users\Admin\AppData\Local\Temp\5397c0a9bed881d599e89ce303475f852ad677e248036f1b8d273051f1a50da0.exe
"C:\Users\Admin\AppData\Local\Temp\5397c0a9bed881d599e89ce303475f852ad677e248036f1b8d273051f1a50da0.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1264

memory/1264-54-0x0000000140000000-0x0000000140008000-memory.dmp

Filesize
32KB

Download
memory/1264-60-0x0000000000400000-0x0000000000499000-memory.dmp

Filesize
612KB

Download
memory/1264-61-0x0000000000400000-0x0000000000499000-memory.dmp

Filesize
612KB

Download