icedid | 6de5c2db6203f30c772d1e60ab6626990b2bfaeaa8fabb90bbaadf0993f6ce52 | Triage

Analysis

max time kernel
6s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 17:44

Sharing

Report Analysis Logs

General

Target

6de5c2db6203f30c772d1e60ab6626990b2bfaeaa8fabb90bbaadf0993f6ce52.dll
Size

79KB
MD5

5de5d3a6b95fe1f03b4f056ff84ec92c
SHA1

1853d9d38307936ff548730c18e95862a0e416d9
SHA256

6de5c2db6203f30c772d1e60ab6626990b2bfaeaa8fabb90bbaadf0993f6ce52
SHA512

dfd755d4270333175c5729ece12781091a024580dda91a05cec591392c5607a7641d443940b633939550107d878f0577cf467769aeaf052451897cf0cc1fce98

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1656-3-0x00000000001C0000-0x00000000001C7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1656 regsvr32.exe
1656 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6de5c2db6203f30c772d1e60ab6626990b2bfaeaa8fabb90bbaadf0993f6ce52.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-2-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

Filesize
8KB

Download
memory/1656-3-0x00000000001C0000-0x00000000001C7000-memory.dmp

Filesize
28KB

Download