icedid | 17e8d92687f4274fc75cf77c2a571401b7c1fd29e3fa9adf342fc9a3bf927715 | Triage

Analysis

max time kernel
118s
max time network
116s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 17:57

Sharing

Report Analysis Logs

General

Target

17e8d92687f4274fc75cf77c2a571401b7c1fd29e3fa9.dll
Size

79KB
MD5

035dc493eaabdb0cdeafadfacbe192c1
SHA1

b0d47193f9c52f791733d8f1a39a76379e105598
SHA256

17e8d92687f4274fc75cf77c2a571401b7c1fd29e3fa9adf342fc9a3bf927715
SHA512

f3bb0046b7753f84b5ce1a2440abdfe5c2919db11604801b891fff485fdb41de031cf338223a88075ba055de04ffc41463a57ecad6e06d2639a4b58ac1d61d59

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1044-3-0x00000000001B0000-0x00000000001B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1044 regsvr32.exe
1044 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17e8d92687f4274fc75cf77c2a571401b7c1fd29e3fa9.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-2-0x000007FEFB851000-0x000007FEFB853000-memory.dmp

Filesize
8KB

Download
memory/1044-3-0x00000000001B0000-0x00000000001B7000-memory.dmp

Filesize
28KB

Download