Extracted

• • Target

    ZoomInstallerFull.exe

  • Size

    76.4MB

  • MD5

    aeb04e767a408e5ac643cd467751afff

  • SHA1

    cc2b84718bcec1fe34b3e9189762149f4a91fc23

  • SHA256

    9108e1d22d74bc5397b8886edc4f0a84b8906436a648ef8a86f30cf7e08978dd

  • SHA512

    d7e4e4c523290ac5afec1382c275dacc8a1657d7a75c2298c3bbf1fe7881253a3b5005895b72954f5062f6cd25a52df6f72c4d0022335f2349c6ede2d0e66114

  • SSDEEP

    1572864:jpDrQefrQSB+gTC4GB3RA9MLhWG7VYlSGTbANByfGajuTgIrPJGsF:9DLfrQQ/FA3RAicfUjByfFIDJ

  Score

  10^/10

  icedid3280585787bankerloaderpersistencetrojan

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2