icedid | 0be20197536de0c1f34b289b1012add4f7fd06926f80947559fcf26b6edef39b | Triage

Analysis

max time kernel
132s
max time network
131s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 21:59

Sharing

Report Analysis Logs

General

Target

8e9f482f5123c7eef5de4ab08d2f7a9e.dll
Size

52KB
MD5

8e9f482f5123c7eef5de4ab08d2f7a9e
SHA1

7fce3fe79bbb381079bcfa07990b4dabc018cf7c
SHA256

0be20197536de0c1f34b289b1012add4f7fd06926f80947559fcf26b6edef39b
SHA512

8558af53e04dd31b9fa6d5f764c52e34c21745d9716483df290a773044048203f530f3a49ffc3f1f1e9697daf94fc1ebdad55409ba8db43277d4dbe25f637538

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

feaser2347.club

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/384-3-0x00000000001B0000-0x00000000001B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

384 regsvr32.exe
384 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8e9f482f5123c7eef5de4ab08d2f7a9e.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/384-2-0x000007FEFB9D1000-0x000007FEFB9D3000-memory.dmp

Filesize
8KB

Download
memory/384-3-0x00000000001B0000-0x00000000001B7000-memory.dmp

Filesize
28KB

Download