Resubmissions

10-04-2023 12:38

230410-pt9a2shd63 10

25-03-2023 01:59

230325-cet7csae86 10

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-03-2023 01:59

General

  • Target

    009381653fade0d3b94ad0fa0a109c294ac55936a5d1ced44e18fb08188aa7df.exe

  • Size

    391KB

  • MD5

    d91dee9dfbdbf0b35593424723052a55

  • SHA1

    813c274e68916cba601134f689788e938f7ef9e7

  • SHA256

    009381653fade0d3b94ad0fa0a109c294ac55936a5d1ced44e18fb08188aa7df

  • SHA512

    b15064ae8ae5c2c1828d0e8058e12b2655525761c4366278bdb13f82f104b573ee014f8132e5b1c6cc79bc3f9e6d6a92c76a8184bdffe9f108f9b1f74a14a448

  • SSDEEP

    6144:EOUzREbq7Y9m47z+RtK87+YZSZXYSBdyvo+Rhw00C0Ul0YdxwW1Pi4QnpUk/rTwx:HUGbq0s4mR0SSZq3EuSX3wMW5vd

Malware Config

Extracted

Family

icedid

Campaign

73743838

C2

aoureskindzet.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\009381653fade0d3b94ad0fa0a109c294ac55936a5d1ced44e18fb08188aa7df.exe
    "C:\Users\Admin\AppData\Local\Temp\009381653fade0d3b94ad0fa0a109c294ac55936a5d1ced44e18fb08188aa7df.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2328

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2328-133-0x000002E0E4CD0000-0x000002E0E4D04000-memory.dmp
    Filesize

    208KB

  • memory/2328-134-0x000002E0E4BB0000-0x000002E0E4BB8000-memory.dmp
    Filesize

    32KB