icedid | 2ddf34077bc67af5aa4ce5f0703f210c6ac886fd331e57cfcd0da1f3ebb5778f | Triage

Analysis

max time kernel
123s
max time network
65s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 17:46

Sharing

Report Analysis Logs

General

Target

2ddf34077bc67af5aa4ce5f0703f210c6ac886fd331e57cfcd0da1f3ebb5778f.dll
Size

65KB
MD5

d3d3b5b97d4aee7e03d23cbbdb16611a
SHA1

af41f2fde078c95d4e3336a277402f864f5db089
SHA256

2ddf34077bc67af5aa4ce5f0703f210c6ac886fd331e57cfcd0da1f3ebb5778f
SHA512

5dc0d37340fe2406dabf61f514eae9bf7a2a625251c1e6f4996cd4e0ff4be75e9a672e93c64ab1dedfef8f881be58ff4b9e3fcd198a2b840d7b0c39769f87c7b

Score

10^/10

icedid 3683573724 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3683573724

C2

24savetonnofmaoney.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1944-3-0x00000000000C0000-0x00000000000C7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1944 regsvr32.exe
1944 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2ddf34077bc67af5aa4ce5f0703f210c6ac886fd331e57cfcd0da1f3ebb5778f.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-2-0x000007FEFC021000-0x000007FEFC023000-memory.dmp

Filesize
8KB

Download
memory/1944-3-0x00000000000C0000-0x00000000000C7000-memory.dmp

Filesize
28KB

Download