icedid | baf471f9238cb6b5f1aa9c8a32a948d67900ba988e1324b4bbb4a4287b980566 | Triage

Analysis

max time kernel
5s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 18:41

Sharing

Report Analysis Logs

General

Target

baf471f9238cb6b5f1aa9c8a32a948d67900ba988e1324b4bbb4a4287b980566.dll
Size

79KB
MD5

a9dc93822533c45fb0c057878a98cc85
SHA1

3d58441f37c471f473f8fc63948f0ae2b92fd906
SHA256

baf471f9238cb6b5f1aa9c8a32a948d67900ba988e1324b4bbb4a4287b980566
SHA512

23e7882aa4b293455c042f7ab0c0ad72e893ae1887bd906f12ec047d7d3d62950c3d20ea0d8cab10ff9dc984bcd8a36a055a84cc7e906cabaa9fdb3e560c1ea1

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1108-3-0x00000000004C0000-0x00000000004C7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1108 regsvr32.exe
1108 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\baf471f9238cb6b5f1aa9c8a32a948d67900ba988e1324b4bbb4a4287b980566.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1108-2-0x000007FEFBA51000-0x000007FEFBA53000-memory.dmp

Filesize
8KB

Download
memory/1108-3-0x00000000004C0000-0x00000000004C7000-memory.dmp

Filesize
28KB

Download