icedid | cab4e4a9561f7fa3312b84179577293282346e5802ccfe6d0d40799b80d86d58 | Triage

Analysis

max time kernel
4s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
13-03-2021 08:18

Sharing

Report Analysis Logs

General

Target

f5a91192256cbfaa9fa28870a8c3ff95.dll
Size

154KB
MD5

f5a91192256cbfaa9fa28870a8c3ff95
SHA1

2b43674be7e1d01aa95e8156dfec48ef99463ae1
SHA256

cab4e4a9561f7fa3312b84179577293282346e5802ccfe6d0d40799b80d86d58
SHA512

af7058d8f2ac1032754072794fc8eff5bcbaa59cab593cd91093f4b7e1cce24daecbe865469484c916793f5d94a118f48eefd1a42070ac9fe21fdc8609b5f8df

Score

10^/10

icedid 2292720537 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2292720537

C2

klicjop9.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/776-3-0x00000000002F0000-0x00000000002F7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

776 regsvr32.exe
776 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f5a91192256cbfaa9fa28870a8c3ff95.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-2-0x000007FEFBB61000-0x000007FEFBB63000-memory.dmp

Filesize
8KB

Download
memory/776-3-0x00000000002F0000-0x00000000002F7000-memory.dmp

Filesize
28KB

Download