icedid | a81675c486d533d9d98c180b77e6f8510c4e32155864e84d2e0945b7e3e7ede3 | Triage

Analysis

max time kernel
13s
max time network
111s
platform
windows10_x64
resource
win10v20201028
submitted
24-03-2021 17:27

Sharing

Report Analysis Logs

General

Target

d53e2583fb47fec8c9ee99025439e5c9.dll
Size

79KB
MD5

d53e2583fb47fec8c9ee99025439e5c9
SHA1

e0a9950a192ecd84a67c613883ad10046064fe13
SHA256

a81675c486d533d9d98c180b77e6f8510c4e32155864e84d2e0945b7e3e7ede3
SHA512

4e8f727136076f039ccb4161c50f0af715ada2dccf1a3e03dce8e54a0c1733e63b16b020e816d5368ed60d8babebc114c9a936f2aa4f08e3d9c28a55db92d99c

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/880-2-0x0000000000700000-0x0000000000707000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

880 regsvr32.exe
880 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d53e2583fb47fec8c9ee99025439e5c9.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/880-2-0x0000000000700000-0x0000000000707000-memory.dmp

Filesize
28KB

Download