icedid | fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4

Analysis

max time kernel
145s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
02-05-2024 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e582f1d214712c263429692549010ef_JaffaCakes118.exe
Size

228KB
MD5

0e582f1d214712c263429692549010ef
SHA1

50c8cbdaa3b781d00e6e8df336af7620fcb90136
SHA256

fa79f39d2512326f3645ec051f32c4b0f175142bc5f43e0b869bdcfe32d18ca4
SHA512

7eac85ab9f8e9ff4d7602569d363293639b997e609694ade84e8211aa9dddeec67984281f0775da6970d41e0ed9e13d6d845afaf14a3dbd1287b819d56c010ff
SSDEEP

3072:UvbniW198DEYusGG2dIcnnhIm3fbk/1WJC6qidEIiCuCo3Bo84/X3wrbiW14:UJX8DAsGGDchISj95+CuYX/

Score

10^/10

icedid 3940132575 banker loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

3940132575

besitxavier.best

nazifestivo.best

Attributes

auth_var
2
url_path
/audio/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 3 IoCs

loader

resource	yara_rule
behavioral1/memory/2036-9-0x0000000000280000-0x0000000000285000-memory.dmp	IcedidSecondLoader
behavioral1/memory/2036-4-0x00000000002A0000-0x00000000002A6000-memory.dmp	IcedidSecondLoader
behavioral1/memory/2036-0-0x0000000000290000-0x0000000000298000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2036	0e582f1d214712c263429692549010ef_JaffaCakes118.exe
2036	0e582f1d214712c263429692549010ef_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0e582f1d214712c263429692549010ef_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e582f1d214712c263429692549010ef_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-9-0x0000000000280000-0x0000000000285000-memory.dmp

Filesize
20KB

Download
memory/2036-8-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2036-4-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/2036-0-0x0000000000290000-0x0000000000298000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads