Overview

overview

10

Static

static

1

Setup_Win_...52.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    123s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-02-2023 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_Win_02-02-2023_17-40-52.exe

  • Size

    703.3MB

  • MD5

    8879e4b167ecdbe05b4c82e7c537b3ff

  • SHA1

    89b21179d1e3ad21449899eb5fd1a7a8e274f165

  • SHA256

    c993606b61f059efe7409b6a2036b1a519f6896ce80f6693c90c601cf7e67c55

  • SHA512

    ebff4a5769ee004b7aca004bc6bc551405b5b046eafed9763687f89aa0cab752e0b87f1166edf85eed3fdf1c479c7c97910740e168c1b90cfef2dd0d1a6b7bcc

  • SSDEEP

    6144:kzXaEsb8gUAWTibyk0Px1ee2k6S94s68dTcEgDAIpiWe97TzGux0siC6pEOEGElW:k29c+P0Z9tm7sdG

Score
10/10
icedid1398120717bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1398120717

C2

loliapitudet.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_Win_02-02-2023_17-40-52.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_Win_02-02-2023_17-40-52.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3396-132-0x0000000140000000-0x0000000140008000-memory.dmp
    Filesize

    32KB

    Download
  • memory/3396-138-0x0000000000400000-0x0000000001400000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/3396-139-0x0000000000400000-0x0000000001400000-memory.dmp
    Filesize

    16.0MB

    Download