icedid | 88428fd1ea734659a287b39a32eadcad36a003a8757312563a52c515cc2ac225 | Triage

Analysis

max time kernel
4s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 21:08

Sharing

Report Analysis Logs

General

Target

1532b50b1dab88f2b602c4ca4a5dd2c6.dll
Size

52KB
MD5

1532b50b1dab88f2b602c4ca4a5dd2c6
SHA1

cd76bc616e6eadfc30b88886d0474b54af30a783
SHA256

88428fd1ea734659a287b39a32eadcad36a003a8757312563a52c515cc2ac225
SHA512

1b78ee8ba004ed253773a015755a2af71b385160fff753ade63d0786f21221b78f706576510e636eef45c2cc223a471a59e52bc0268fe2bc58b232c1a1d332e6

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

feaser2347.club

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1740-3-0x00000000002C0000-0x00000000002C7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1740 regsvr32.exe
1740 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1532b50b1dab88f2b602c4ca4a5dd2c6.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-2-0x000007FEFBDE1000-0x000007FEFBDE3000-memory.dmp

Filesize
8KB

Download
memory/1740-3-0x00000000002C0000-0x00000000002C7000-memory.dmp

Filesize
28KB

Download