icedid | ed3a24dd16bc02038d4f1d52f6404c185b6779053f0159854fea91439088d69e | Triage

Analysis

max time kernel
3s
max time network
7s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 16:38

Sharing

Report Analysis Logs

General

Target

1174aa272e7176ab4df8bb35d01cc0c2.dll
Size

79KB
MD5

1174aa272e7176ab4df8bb35d01cc0c2
SHA1

3c2067feb12578c8a11ca87865a85d69515f2144
SHA256

ed3a24dd16bc02038d4f1d52f6404c185b6779053f0159854fea91439088d69e
SHA512

5af1b8f3eb41b65dbac6e153746fa3228c019ddc62e9337c0bbc8413244e5cd843122cd8a092b0534ef366c405f5f1fbaaf9394d709eabc5fd0b2cd5e50f5475

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1964-3-0x00000000000C0000-0x00000000000C7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1964 regsvr32.exe
1964 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1174aa272e7176ab4df8bb35d01cc0c2.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1964-2-0x000007FEFB541000-0x000007FEFB543000-memory.dmp

Filesize
8KB

Download
memory/1964-3-0x00000000000C0000-0x00000000000C7000-memory.dmp

Filesize
28KB

Download