icedid | 884cdf248d0235d77adc1d88603d460d64c88c517d5e571b75749be42364d6a8 | Triage

Analysis

max time kernel
127s
max time network
130s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
19-01-2023 10:44

Sharing

Report Analysis Logs

General

Target

inject.exe
Size

16KB
MD5

153dc369ae15758d950f99dbf102c28f
SHA1

32be8cc4e15f031f2f87ea783967cec6cd014e5e
SHA256

884cdf248d0235d77adc1d88603d460d64c88c517d5e571b75749be42364d6a8
SHA512

18b22affb1a86c2c40b9574d28c11ccda5a5aad603535fcacf4cc2f97891a250faf3108cb90f81070a53aad5bcfd289cb171ccb1f86bb99f99b0ad7d6423b99b
SSDEEP

192:/ZKbCHpfVTIFyzPDufy2yz7ZBKUFf636yXoMV5PM6E632:xKbCHFHzmy1z1896yHM6E632

Score

10^/10

icedid 3248465841 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3248465841

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

inject.exe

pid process

4112 inject.exe
4112 inject.exe

C:\Users\Admin\AppData\Local\Temp\inject.exe
"C:\Users\Admin\AppData\Local\Temp\inject.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...