Overview

overview

10

Static

static

3

40group.exe

windows7-x64

10

40group.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    46s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12/05/2023, 00:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40group.exe

  • Size

    380KB

  • MD5

    f59b3c50d97fe7fa58001c345cbea37e

  • SHA1

    0e4c394560faf7853bcd9d51b7c959f0a093eb74

  • SHA256

    8d5d36c8ffb0a9c81b145aa40c1ff3475702fb0b5f9e08e0577bdc405087e635

  • SHA512

    257fb961278b6ac0a399f8e16d7cd7219388010982bb3183cb3c21c5b691a78ae15098b5958e31a385d3ff0b0d35050d72202d70e46e9becdbe830b662994a65

  • SSDEEP

    6144:gfmMGxnAR50hXwLhF0l2LF7PWbPINovTnJtKa6hVN:GmMGxAR5xLFQL6/N

Score
10/10
icedid548174735bankerloadertrojan

Malware Config

Extracted

Family

icedid

Botnet

548174735

C2

magnwnce.com

corposted.com

presifered.com

coujtried.com

molinaro.top

amongolia.com

jjanuatu.com
Attributes
  • auth_var

    3

  • url_path

    /index.php

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 1 IoCs
    loader
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40group.exe
    "C:\Users\Admin\AppData\Local\Temp\40group.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1580-57-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-59-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-58-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-61-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-60-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-62-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-63-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-65-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-64-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-67-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-66-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-69-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-68-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1580-70-0x0000000000610000-0x0000000000615000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1580-74-0x0000000000600000-0x0000000000603000-memory.dmp

    Filesize

    12KB

    Download