icedid | 55c993236d58f2c205f8c9c1f7893785d20d655667e61fed2850160e5f9dc4fb | Triage

Analysis

max time kernel
5s
max time network
12s
platform
windows7_x64
resource
win7v20201028
submitted
19-03-2021 14:19

Sharing

Report Analysis Logs

General

Target

pe.dll
Size

64KB
MD5

d94e2269268320cf3426f726c0c8d62f
SHA1

f823ded4c652897e471eb8a77bd609f52105ac0c
SHA256

55c993236d58f2c205f8c9c1f7893785d20d655667e61fed2850160e5f9dc4fb
SHA512

011675a9e9b2e44ce02e04cb5d87c3d9e564e07317ea508e718f7ec9b572413ea8a05557c310a94fddb5b03017c240b33e5ebab08c9e26198b20996185412a0e

Score

10^/10

icedid 2046050 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2046050

C2

calldivorce.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1832-3-0x0000000000130000-0x0000000000137000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1832 regsvr32.exe
1832 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\pe.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1832-2-0x000007FEFC011000-0x000007FEFC013000-memory.dmp

Filesize
8KB

Download
memory/1832-3-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download