icedid | 88fd6304135a01b3ffefeb5bfd56d1825e8bf0af17bab6c3ab4710c50ab04897 | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 17:03

Sharing

Report Analysis Logs

General

Target

88fd6304135a01b3ffefeb5bfd56d1825e8bf0af17bab.dll
Size

79KB
MD5

365565f1c817f4a27eed990af296c130
SHA1

1da8c9b18817dfd64182c3ea1fcf15ac0a713e32
SHA256

88fd6304135a01b3ffefeb5bfd56d1825e8bf0af17bab6c3ab4710c50ab04897
SHA512

660251128dbce82412a44443fcba9133a49a2951638a6e6f3d7d5c10186630ec139e3b9d320057af9ee7b192460d158d757924a28f8fed470bfd96c50d9b1ec3

Score

10^/10

icedid 1211238709 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

912caporers.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/776-3-0x0000000000140000-0x0000000000147000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

776 regsvr32.exe
776 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\88fd6304135a01b3ffefeb5bfd56d1825e8bf0af17bab.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-2-0x000007FEFBB61000-0x000007FEFBB63000-memory.dmp

Filesize
8KB

Download
memory/776-3-0x0000000000140000-0x0000000000147000-memory.dmp

Filesize
28KB

Download