Overview

overview

10

Static

static

Setup_Win_...46.exe

windows7-x64

10

Setup_Win_...46.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-01-2023 17:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_Win_19-01-2023_17-34-46.exe

  • Size

    700.2MB

  • MD5

    dc57823d0b7175750e33537e8fa4544a

  • SHA1

    5183c79f65cfbbdc9968d48d4f7686fc3ef7115e

  • SHA256

    cf21b4f0015bb55c8d3e3ec0f2bd03f3eda615e4f38aca1caa6270cb5d52b239

  • SHA512

    35d12db8859527001dcb93db722898928b1fd3756e0b6e111328e1a2e6e0675332330bbd5301398f04b3c7c27751acbba08f1e1647b9d30c2bbd3923c6f3b4cd

  • SSDEEP

    3072:eYL6Tcr2SC+TneerVqkzGTx1HNWg++JW6pC5piSX7+iD08RbShuGZfSX:eYL6TE2S9TeeEkzk5NNHCrSsRQ6

Score
10/10
icedid1420576768bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1420576768

C2

plutoheadingo.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_Win_19-01-2023_17-34-46.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_Win_19-01-2023_17-34-46.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3520-132-0x0000000140000000-0x0000000140008000-memory.dmp
    Filesize

    32KB

    Download