icedid | 13bc210fd00fdb3a96ed3d749be0e6768ad470a86ebc7b6b30e5a0e3b5bdd538

Analysis

max time kernel
148s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
18/04/2025, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-18_fcdd0335a473c687f9e0e19e0c3cbfcf_black-basta_elex_luca-stealer.exe
Size

287KB
MD5

fcdd0335a473c687f9e0e19e0c3cbfcf
SHA1

57394291714306d93b67b8e666f566bfbb6e5e8a
SHA256

13bc210fd00fdb3a96ed3d749be0e6768ad470a86ebc7b6b30e5a0e3b5bdd538
SHA512

cb274836e78a9e07d75501890e33da91668233713144a0e25b9605bf0f3060554c2143c5b9e8467b4122b3aaf3e0c8bf2e856bb0725aae1ba2f34c4cb7fedb57
SSDEEP

6144:iyGEErqT+7I/FdI2lA4b/Ue7z7vOmVwv7u:iyfErqT+s/FLAUVv1Vy7u

Score

10^/10

icedid banker discovery loader trojan

Malware Config

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

IcedID Second Stage Loader 1 IoCs

loader

resource	yara_rule
behavioral2/memory/5212-2-0x0000000000E50000-0x0000000000F99000-memory.dmp	IcedidSecondLoader

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-18_fcdd0335a473c687f9e0e19e0c3cbfcf_black-basta_elex_luca-stealer.exe

C:\Users\Admin\AppData\Local\Temp\2025-04-18_fcdd0335a473c687f9e0e19e0c3cbfcf_black-basta_elex_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-18_fcdd0335a473c687f9e0e19e0c3cbfcf_black-basta_elex_luca-stealer.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5212

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5212-0-0x0000000000E97000-0x0000000000E9B000-memory.dmp

Filesize
16KB

Download
memory/5212-1-0x0000000000E50000-0x0000000000F99000-memory.dmp

Filesize
1.3MB

Download
memory/5212-2-0x0000000000E50000-0x0000000000F99000-memory.dmp

Filesize
1.3MB

Download
memory/5212-3-0x0000000000E97000-0x0000000000E9B000-memory.dmp

Filesize
16KB

Download