icedid | a9ce226a503ab7b3c31d52198eecf8c203e875d2a41f77f143abe26bcd1afe6a | Triage

Analysis

max time kernel
5s
max time network
12s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 19:17

Sharing

Report Analysis Logs

General

Target

4c1d8d024cd5c7de09ded10620371b1c.dll
Size

52KB
MD5

4c1d8d024cd5c7de09ded10620371b1c
SHA1

d622a2598d4801497265f4d545ca73ad75c90470
SHA256

a9ce226a503ab7b3c31d52198eecf8c203e875d2a41f77f143abe26bcd1afe6a
SHA512

1576bfd2eb42d43c504b2c01d7e58dd4240a20541538dad3a0effd85f9abaa666126c5795dc60ff73455f7b0c350341fda4fd615208a9177e5ef4ec25277c849

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

feaser2347.club

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1056-3-0x0000000000130000-0x0000000000137000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1056 regsvr32.exe
1056 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4c1d8d024cd5c7de09ded10620371b1c.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1056-2-0x000007FEFB8A1000-0x000007FEFB8A3000-memory.dmp

Filesize
8KB

Download
memory/1056-3-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download