Overview

overview

10

Static

static

3

bcbc51e4a4...18.exe

windows7-x64

10

bcbc51e4a4...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-06-2024 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bcbc51e4a4a1e2d2a8c558171c8192e9_JaffaCakes118.exe

  • Size

    100KB

  • MD5

    bcbc51e4a4a1e2d2a8c558171c8192e9

  • SHA1

    c2e170d8fd0ff68d7152892a8d5bac588ef4cc36

  • SHA256

    79723cbc2234e26aae3111b8c7b6711da68a46d01e5808598a1492e49c331f60

  • SHA512

    c1effc00aa2318891cfc289795d4cea6803e462102d3ed0636e0e0ac7396562853ca6a7fef478fd7b4f7c89a72b2ebb6ff0c4988ed7479e517202d2ed849f5ed

  • SSDEEP

    3072:dx0NBB7ts75yPAa3VVPHNRbtsBUsssss:dikdyPAalVV

Score
10/10
icedid491699037bankerloadertrojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

491699037

C2

exceptionalsanta.pro

happysantacows.red

mexicanfoodinmiami.pro

malayanfoodinmiami.pro
Attributes
  • auth_var

    1

  • url_path

    /index.php

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bcbc51e4a4a1e2d2a8c558171c8192e9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bcbc51e4a4a1e2d2a8c558171c8192e9_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4848-0-0x0000000000970000-0x0000000000971000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4848-1-0x0000000000980000-0x0000000000982000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4848-2-0x0000000000990000-0x0000000000995000-memory.dmp

    Filesize

    20KB

    Download