icedid | f3ab9c6d12a8c0dcefa9d971249b757cd4d36aa2faca0299469204fd0ede7494 | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows10_x64
resource
win10v20201028
submitted
24-03-2021 17:46

Sharing

Report Analysis Logs

General

Target

f3ab9c6d12a8c0dcefa9d971249b757cd4d36aa2faca0299469204fd0ede7494.dll
Size

66KB
MD5

efbc717d266383ff655e917a2dc29882
SHA1

102c35d5029c66768285086242893eec836f792c
SHA256

f3ab9c6d12a8c0dcefa9d971249b757cd4d36aa2faca0299469204fd0ede7494
SHA512

0b44f17c88a3c21e0923c6d59abba44e88619214ae50089639917a0ea7e4a23e4889c77c67699f6c725c55bba2d580d431a3af40e4f95e7b5f06126974f33d11

Score

10^/10

icedid 3683573724 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3683573724

C2

24savetonnofmaoney.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/880-2-0x00000000005F0000-0x00000000005F7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

880 regsvr32.exe
880 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f3ab9c6d12a8c0dcefa9d971249b757cd4d36aa2faca0299469204fd0ede7494.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/880-2-0x00000000005F0000-0x00000000005F7000-memory.dmp

Filesize
28KB

Download