Overview

overview

10

Static

static

3

40group.exe

windows7-x64

10

40group.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    128s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2023, 00:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    40group.exe

  • Size

    380KB

  • MD5

    f59b3c50d97fe7fa58001c345cbea37e

  • SHA1

    0e4c394560faf7853bcd9d51b7c959f0a093eb74

  • SHA256

    8d5d36c8ffb0a9c81b145aa40c1ff3475702fb0b5f9e08e0577bdc405087e635

  • SHA512

    257fb961278b6ac0a399f8e16d7cd7219388010982bb3183cb3c21c5b691a78ae15098b5958e31a385d3ff0b0d35050d72202d70e46e9becdbe830b662994a65

  • SSDEEP

    6144:gfmMGxnAR50hXwLhF0l2LF7PWbPINovTnJtKa6hVN:GmMGxAR5xLFQL6/N

Score
10/10
icedid548174735bankerloadertrojan

Malware Config

Extracted

Family

icedid

Botnet

548174735

C2

magnwnce.com

corposted.com

presifered.com

coujtried.com

molinaro.top

amongolia.com

jjanuatu.com
Attributes
  • auth_var

    3

  • url_path

    /index.php

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 1 IoCs
    loader
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40group.exe
    "C:\Users\Admin\AppData\Local\Temp\40group.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2320

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2320-138-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-136-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-137-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-140-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-139-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-142-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-141-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-144-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-143-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-147-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-145-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-146-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-148-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-149-0x0000000002280000-0x0000000002283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2320-150-0x0000000002320000-0x0000000002325000-memory.dmp

          Filesize

          20KB

          Download