Analysis

  • max time kernel
    4s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    24-03-2021 19:43

General

  • Target

    1f275cc030fc3f46a110063f2235af8b47285d80b8ad47eeb3970541b1af95db.dll

  • Size

    52KB

  • MD5

    2564d119818fd65b8230b71854820fe8

  • SHA1

    f24b23c44629cead32ec4dc7bbba5f59100a8e9b

  • SHA256

    1f275cc030fc3f46a110063f2235af8b47285d80b8ad47eeb3970541b1af95db

  • SHA512

    b164c04de10d000e8c0b0738612a870a9014602fc032a16bb7fef643bb56c0dcffbe8950824c0fb5e0e594665f511079b9fe7103b786a71a76b8b6647014753d

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    1211238709

  • C2

    feaser2347.club

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1f275cc030fc3f46a110063f2235af8b47285d80b8ad47eeb3970541b1af95db.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:1932

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1932-2-0x000007FEFB541000-0x000007FEFB543000-memory.dmp

    Filesize

    8KB

  • memory/1932-3-0x00000000001C0000-0x00000000001C7000-memory.dmp

    Filesize

    28KB