Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/04/2023, 12:56

General

  • Target

    Scan_Inv_April_13_91.exe

  • Size

    553KB

  • MD5

    4fefd37afd026d9710dff024d991c00e

  • SHA1

    aa5fe0b27edbdcd05358843df91f7e6d4b118dd4

  • SHA256

    80119e4dff8bb262f0aba3679fff922fff94e9744e2e3ade7a34a0e544009018

  • SHA512

    fed1968a545c904535ca6055bf0901eff68cfab226c83d61a48395dab2d76a9242a72aa67aad567609a36c5f8079bccae9705e3354abf79352d58160d58f623a

  • SSDEEP

    12288:ijMebXlx8myefeoblgTTqsEvriI9x9Vcfc9omiCrvb9Js0S:ijMeblx8tefeoblgT2sETiIzr2bCrzY

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    4133971563

  • C2

    tadernost.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Scan_Inv_April_13_91.exe
    "C:\Users\Admin\AppData\Local\Temp\Scan_Inv_April_13_91.exe"
    • Suspicious behavior: EnumeratesProcesses
    PID:2036

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2036-54-0x0000000000020000-0x0000000000028000-memory.dmp

    Filesize

    32KB

  • memory/2036-55-0x0000000000200000-0x0000000000244000-memory.dmp

    Filesize

    272KB