icedid | b52c0640957e5032b5160578f8cb99f9b066fde4f9431ee6869b2eea67338f28 | Triage

Analysis

max time kernel
4s
max time network
8s
platform
windows7_x64
resource
win7v20210408
submitted
21-04-2021 21:57

Sharing

Report Analysis Logs

General

Target

b52c0640957e5032b5160578f8cb99f9b066fde4f9431.dll
Size

258KB
MD5

2cbed069a079c2c57946e9cccb1f1f72
SHA1

18c4208d04d1b0a5d0e423cb60ca87fd64eabf80
SHA256

b52c0640957e5032b5160578f8cb99f9b066fde4f9431ee6869b2eea67338f28
SHA512

372cc5969492964dcbed070981b1fd443b53e1fbc23664f75bfa01ee96aefc733998ff9d586b8099f455a7f3546cfcf4190038a9dfeb54d94903d0f4beba84c4

Score

10^/10

icedid 3351099083 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3351099083

C2

vaclicinni.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1944-60-0x00000000002B0000-0x00000000002B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1944 regsvr32.exe
1944 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b52c0640957e5032b5160578f8cb99f9b066fde4f9431.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-59-0x000007FEFB891000-0x000007FEFB893000-memory.dmp

Filesize
8KB

Download
memory/1944-60-0x00000000002B0000-0x00000000002B7000-memory.dmp

Filesize
28KB

Download