Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-04-2021 09:59

General

  • Target

    Kiod.hod.dll

  • Size

    64KB

  • MD5

    d7b3fe762d53da6ea7028d1d48cb11f1

  • SHA1

    e3ff87266aa56dd14e8f5fa70e44fe0539924079

  • SHA256

    d1634c8dd16b4b1480065039fac62d6c1900692f0ccc9bf52c8ddc65599fbf3d

  • SHA512

    035e9a44e911a792762bdb5d58d341f4c03422f765a74d18998076b6dc7b4ac04a48a1133574fa1590cc797531a8961623923b175390e9bcb8900f844e7a9a34

Malware Config

Extracted

Family

icedid

Campaign

2046050

C2

calldivorce.fun

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader ⋅ 1 IoCs
  • Suspicious behavior: EnumeratesProcesses ⋅ 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Kiod.hod.dll
    Suspicious behavior: EnumeratesProcesses
    PID:780

Network

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Downloads

  • memory/780-60-0x000007FEFBB61000-0x000007FEFBB63000-memory.dmp
  • memory/780-61-0x0000000000140000-0x0000000000147000-memory.dmp