Overview

overview

10

Static

static

1

Setup_Win_...50.exe

windows7-x64

10

Setup_Win_...50.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    229s
  • max time network
    239s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    11/02/2023, 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_Win_10-02-2023_18-19-50.exe

  • Size

    708.5MB

  • MD5

    261631519ce1a1bb69b1a04a7700edcb

  • SHA1

    ac807c97c169e277250f6ba3223abb6767e6c579

  • SHA256

    dbc3e3c4ad4a0ee6623935dbc20dbe9d765f783c10b9e1f9e5774c935b06fe74

  • SHA512

    ad292300c61ac749c14f2c75fcee3734147379583d595871a3f379657a2d02214cde3fcc5cbc260d5e96da777ceea0067daec7945ec56c63007fd8b201a60a34

  • SSDEEP

    6144:7Zgq7M6B8PwXaS6Wm8ftjcpRP8xrc6osT1o+EcxJkdfuS3tfkYohtFtvbqSnYkAC:VgEM6BNhm8flcpRPKb1hgHofFtbxqy

Score
10/10
icedid1494101503bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1494101503

C2

staringgeipod.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_Win_10-02-2023_18-19-50.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_Win_10-02-2023_18-19-50.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1812-54-0x00000000002F0000-0x00000000002F8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1812-60-0x000000013FC10000-0x0000000140C10000-memory.dmp

    Filesize

    16.0MB

    Download