icedid | 7a1f440b6b21b1ddd98c2c6eb495910ad91d8097114348fbb24bb323676cb383

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118.exe
Size

176KB
MD5

59b3c322d96ea9484bba43e7271b8a07
SHA1

7c701e74728bd495d8b3ee4c2c478b76c4c93349
SHA256

7a1f440b6b21b1ddd98c2c6eb495910ad91d8097114348fbb24bb323676cb383
SHA512

be6842e5ed751f6eb7a22ef9247d23bddd5594aebc45ea2f3bfd744060c684d391afbfdc3ef26c58452e5a2ccd0baa2ab16ecd044568c635a578821d206a1e98
SSDEEP

3072:aPKgZsYU009yEesYZfIeIXn8DBNiAHRDmm5mNWg8e6:lgZsYU009yEW7o8DOAHRDmm5msgS

Score

10^/10

icedid 1163895564 banker loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1163895564

aginia.net

aginia.top

aginia.in

aginia.tel

telected.com

telected.xyz

Attributes

auth_var
4
url_path
/index.php

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

loader

Processes:

resource	yara_rule
behavioral1/memory/2420-18-0x0000000000280000-0x0000000000285000-memory.dmp	IcedidSecondLoader

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118.exe

pid process

2420 59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118.exe
2420 59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118.exe

pid	process
2420	59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118.exe
2420	59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2420-17-0x000000000041A000-0x000000000041B000-memory.dmp

Filesize
4KB

Download
memory/2420-10-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-16-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-15-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-14-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-13-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-12-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-11-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-9-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-8-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-7-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-6-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-5-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-4-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2420-18-0x0000000000280000-0x0000000000285000-memory.dmp

Filesize
20KB

Download
memory/2420-22-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download