icedid | 2efeafdcfca03c83061d1ad399af84b48af2459610eb1a0b994b99383db5c2b0 | Triage

Analysis

max time kernel
12s
max time network
102s
platform
windows10_x64
resource
win10v20201028
submitted
24-03-2021 18:41

Sharing

Report Analysis Logs

General

Target

2efeafdcfca03c83061d1ad399af84b48af2459610eb1a0b994b99383db5c2b0.dll
Size

79KB
MD5

f422491c66fa2c7d9f43dfa0f6d2e144
SHA1

e9d9bfab7dc8aa65c2740fe8902b10e3f0ac1ae4
SHA256

2efeafdcfca03c83061d1ad399af84b48af2459610eb1a0b994b99383db5c2b0
SHA512

3456195cc78dd07de2d6aac866c2a7dc461bd675ecc139de87b584d00a2746078039c9b402b780f6f49c69dffb0791fb28b1499f945adc2d2328a21a571dc064

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1276-2-0x0000000000880000-0x0000000000887000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1276 regsvr32.exe
1276 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2efeafdcfca03c83061d1ad399af84b48af2459610eb1a0b994b99383db5c2b0.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1276-2-0x0000000000880000-0x0000000000887000-memory.dmp

Filesize
28KB

Download