icedid | a636a808f5284758d97427a5edef79aae51baffa4b7348cc279131d1b73152df

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2025, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-18_8c0e6152b3ebc4709560f3d87adaec0e_elex_icedid.exe
Size

296KB
MD5

8c0e6152b3ebc4709560f3d87adaec0e
SHA1

b478fff41b140ecef30ea6db61ad466927396f66
SHA256

a636a808f5284758d97427a5edef79aae51baffa4b7348cc279131d1b73152df
SHA512

69e4d39801e23f69ed81c630c617327fbe8447fa3fe339fc64f1275b6c75dd36cf07d430efb40c72843fca3ba83a1b584e3620b7b4074556e4b50c43208d8216
SSDEEP

3072:cLsPk8GT/OxyVXbh0d1iaP7nP31euHuGqhwQ217U/kFcwDlv1+sZ0be8OByD:qss8Q/OYdJaznP3lfq65UU++0Bi

Score

10^/10

icedid 1368362572 banker discovery loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

1368362572

80frontluzkher.xyz

bruzilovv.top

vellifilliok.best

vermaxt.top

Attributes

auth_var
5
url_path
/audio/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

IcedID Second Stage Loader 2 IoCs

loader

resource	yara_rule
behavioral1/memory/1476-3-0x0000000000630000-0x0000000000633000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1476-4-0x0000000000670000-0x0000000000676000-memory.dmp	IcedidSecondLoader

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-18_8c0e6152b3ebc4709560f3d87adaec0e_elex_icedid.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1476	2025-04-18_8c0e6152b3ebc4709560f3d87adaec0e_elex_icedid.exe
1476	2025-04-18_8c0e6152b3ebc4709560f3d87adaec0e_elex_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2025-04-18_8c0e6152b3ebc4709560f3d87adaec0e_elex_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-18_8c0e6152b3ebc4709560f3d87adaec0e_elex_icedid.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1476

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1476-3-0x0000000000630000-0x0000000000633000-memory.dmp

Filesize
12KB

Download
memory/1476-4-0x0000000000670000-0x0000000000676000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads