icedid | d44d6466acf376f3d3d94cc0886617c6d27de9ac391d443c69972a97830b0e65 | Triage

Analysis

max time kernel
123s
max time network
65s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 17:45

Sharing

Report Analysis Logs

General

Target

d44d6466acf376f3d3d94cc0886617c6d27de9ac391d443c69972a97830b0e65.dll
Size

65KB
MD5

5f33c44e49cd7e071daad1c256747c78
SHA1

50a12805d83c6a05fe4c6bdb350377f0ae8d1a2a
SHA256

d44d6466acf376f3d3d94cc0886617c6d27de9ac391d443c69972a97830b0e65
SHA512

35e876c73e3fd2f1320d4e12de677816dc5d6986d180adb1b2af0ba8b11a6f7b9d6570bd663adcd18e6b73a69f25d230021c7aac4092d4325f6ae2a6b65380b4

Score

10^/10

icedid 3683573724 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3683573724

C2

24savetonnofmaoney.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1908-3-0x0000000000130000-0x0000000000137000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1908 regsvr32.exe
1908 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d44d6466acf376f3d3d94cc0886617c6d27de9ac391d443c69972a97830b0e65.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1908-2-0x000007FEFBBF1000-0x000007FEFBBF3000-memory.dmp

Filesize
8KB

Download
memory/1908-3-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download