icedid | b9b91adc3e123484ae08b2fa92e85ced6de12605e0d60c96e3e9a22a5148f936

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2022 12:20

Target

b9b91adc3e123484ae08b2fa92e85ced6de12605e0d60c96e3e9a22a5148f936.exe
Size

556KB
MD5

fba0b19958c1110cb7018c948527e7db
SHA1

84c8aaaa6e85a7a75e84b23e26d57e9e904a197b
SHA256

b9b91adc3e123484ae08b2fa92e85ced6de12605e0d60c96e3e9a22a5148f936
SHA512

e94a042ba5b26fe08d7e424b62de52e9c99ad660a55ed69462750bb7d1e6c7d8b369f8bf41efad96c8a69061ee2060029246ecac84698d5027ae92c616016d04
SSDEEP

6144:PQJt0hn3E6U3DHpwKyLmKyLmKyLYpLVDq+z6wsdsYqWkMP2QW8jqzf:Qu1spwkkqidS/MP2P3

Score

10^/10

Family

icedid

Campaign

181658900

asiksliopakt.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

b9b91adc3e123484ae08b2fa92e85ced6de12605e0d60c96e3e9a22a5148f936.exe

pid	process
4776	b9b91adc3e123484ae08b2fa92e85ced6de12605e0d60c96e3e9a22a5148f936.exe
4776	b9b91adc3e123484ae08b2fa92e85ced6de12605e0d60c96e3e9a22a5148f936.exe

C:\Users\Admin\AppData\Local\Temp\b9b91adc3e123484ae08b2fa92e85ced6de12605e0d60c96e3e9a22a5148f936.exe
"C:\Users\Admin\AppData\Local\Temp\b9b91adc3e123484ae08b2fa92e85ced6de12605e0d60c96e3e9a22a5148f936.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4776

memory/4776-132-0x0000000140000000-0x0000000140008000-memory.dmp

Filesize
32KB

Download
memory/4776-138-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download