icedid | e74355c561713b916dc271420805d700a427e7b8fe673881121a9ac853b96a4b | Triage

Analysis

max time kernel
3s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 18:17

Sharing

Report Analysis Logs

General

Target

c4198954a8ca7a8c0852cc20d31cc610.dll
Size

79KB
MD5

c4198954a8ca7a8c0852cc20d31cc610
SHA1

0f9d51aad08dd187942fdfa4fb321ae5b3adee32
SHA256

e74355c561713b916dc271420805d700a427e7b8fe673881121a9ac853b96a4b
SHA512

8a3cc188fc831e0aec42c5d203045f73139a7320ceb473fa8b5b44f8f21a069d9af80515224104bcd64563118ff7e269841b1a3ac73cddd67e976dea75cf89bb

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1680-3-0x00000000004B0000-0x00000000004B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1680 regsvr32.exe
1680 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c4198954a8ca7a8c0852cc20d31cc610.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-2-0x000007FEFC2C1000-0x000007FEFC2C3000-memory.dmp

Filesize
8KB

Download
memory/1680-3-0x00000000004B0000-0x00000000004B7000-memory.dmp

Filesize
28KB

Download