icedid | 117632a4197ecc5d50272f942f61f329ed094ac5464acbc2bee9bcc0cddf5f6f | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 15:36

Sharing

Report Analysis Logs

General

Target

6e20d1d0a0892035ff8555e3453893b9.dll
Size

79KB
MD5

6e20d1d0a0892035ff8555e3453893b9
SHA1

60317694ed35449ff9cfd5d0f46788c02e2ab1c9
SHA256

117632a4197ecc5d50272f942f61f329ed094ac5464acbc2bee9bcc0cddf5f6f
SHA512

b48767c535bfb607a22393742ee02df04475310808ccce2719e48c8a51d69f8ec7d80a81e875242a048587f53441cb20932e6ff08c0c270078551cc9f68eb9dc

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/776-3-0x00000000002B0000-0x00000000002B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

776 regsvr32.exe
776 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6e20d1d0a0892035ff8555e3453893b9.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-2-0x000007FEFBB61000-0x000007FEFBB63000-memory.dmp

Filesize
8KB

Download
memory/776-3-0x00000000002B0000-0x00000000002B7000-memory.dmp

Filesize
28KB

Download