icedid | c94f64fccf27d93e198e064b676477f958eaa4bfcbf2d632a3b4623b8b27d5f0 | Triage

Analysis

max time kernel
13s
max time network
110s
platform
windows10_x64
resource
win10v20201028
submitted
24-03-2021 20:37

Sharing

Report Analysis Logs

General

Target

35940b4665b6a3523662413fff9269be.dll
Size

52KB
MD5

35940b4665b6a3523662413fff9269be
SHA1

f3d92a2e312cd9609430705396eb6f563f35ee13
SHA256

c94f64fccf27d93e198e064b676477f958eaa4bfcbf2d632a3b4623b8b27d5f0
SHA512

ef5eebf765c70fbb328b777cb4b53c5ce0cb5a78b9e9b25aa90a95d618392f97b3827b1123e3b7deda3564389ffc657a7fb3c6edda6c375f89e0bb2afb647412

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

feaser2347.club

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/576-2-0x0000000000EA0000-0x0000000000EA7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

576 regsvr32.exe
576 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\35940b4665b6a3523662413fff9269be.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/576-2-0x0000000000EA0000-0x0000000000EA7000-memory.dmp

Filesize
28KB

Download