icedid | dbc3e3c4ad4a0ee6623935dbc20dbe9d765f783c10b9e1f9e5774c935b06fe74

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 17:07

Target

JaffaCakes118_dbc3e3c4ad4a0ee6623935dbc20dbe9d765f783c10b9e1f9e5774c935b06fe74.exe
Size

708.5MB
MD5

261631519ce1a1bb69b1a04a7700edcb
SHA1

ac807c97c169e277250f6ba3223abb6767e6c579
SHA256

dbc3e3c4ad4a0ee6623935dbc20dbe9d765f783c10b9e1f9e5774c935b06fe74
SHA512

ad292300c61ac749c14f2c75fcee3734147379583d595871a3f379657a2d02214cde3fcc5cbc260d5e96da777ceea0067daec7945ec56c63007fd8b201a60a34
SSDEEP

6144:7Zgq7M6B8PwXaS6Wm8ftjcpRP8xrc6osT1o+EcxJkdfuS3tfkYohtFtvbqSnYkAC:VgEM6BNhm8flcpRPKb1hgHofFtbxqy

Score

10^/10

Family

icedid

Campaign

1494101503

staringgeipod.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2232	JaffaCakes118_dbc3e3c4ad4a0ee6623935dbc20dbe9d765f783c10b9e1f9e5774c935b06fe74.exe
2232	JaffaCakes118_dbc3e3c4ad4a0ee6623935dbc20dbe9d765f783c10b9e1f9e5774c935b06fe74.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dbc3e3c4ad4a0ee6623935dbc20dbe9d765f783c10b9e1f9e5774c935b06fe74.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dbc3e3c4ad4a0ee6623935dbc20dbe9d765f783c10b9e1f9e5774c935b06fe74.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2232

memory/2232-0-0x0000000000210000-0x0000000000218000-memory.dmp

Filesize
32KB

Download