Overview

overview

10

Static

static

3

6e9beb7094...18.exe

windows7-x64

10

6e9beb7094...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 13:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e9beb70949e08edb764bec70d8c280c_JaffaCakes118.exe

  • Size

    232KB

  • MD5

    6e9beb70949e08edb764bec70d8c280c

  • SHA1

    f873e54284fea6b0182f783960f3ed4fa270232f

  • SHA256

    9d7755e665f6a444252634488e167b54703914aac9fc7cd07a3f5b8ccf88c2cf

  • SHA512

    de9118e81f39dfd58acc973ff1be94eb028b79ac2e7105aedbb145daec1008a8bf0442f374b6d6cb8ebc34c1b19175a4edae9da6b03560a5d8619db1c9356580

  • SSDEEP

    3072:OMhhq+IsxN1ohHbhhrfKnGuFiVvYiEg5NJo2/fmBmjup9QzE:ThmTfKPFiVgi2CmBmCQE

Score
10/10
icedid548174735bankerloadertrojan

Malware Config

Extracted

Family

icedid

Botnet

548174735

C2

aginia.net

aginia.top

aginia.in

aginia.tel

telected.com

telected.xyz
Attributes
  • auth_var

    5

  • url_path

    /index.php

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 1 IoCs
    loader
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e9beb70949e08edb764bec70d8c280c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6e9beb70949e08edb764bec70d8c280c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1692-14-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-16-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-15-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-13-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-11-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-7-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-6-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-4-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-3-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-12-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-10-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-9-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-8-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-5-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-17-0x0000000002FB0000-0x0000000002FB5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1692-22-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1692-21-0x0000000000420000-0x0000000000421000-memory.dmp

    Filesize

    4KB

    Download