General

Target: b52c0640957e5032b5160578f8cb99f9b066fde4f9431.dll
Filesize: 258KB
Completed: 21-04-2021 21:59
Task: behavioral1
Score: 10/10
MD5: 2cbed069a079c2c57946e9cccb1f1f72
SHA1: 18c4208d04d1b0a5d0e423cb60ca87fd64eabf80
SHA256: b52c0640957e5032b5160578f8cb99f9b066fde4f9431ee6869b2eea67338f28
SHA512: 372cc5969492964dcbed070981b1fd443b53e1fbc23664f75bfa01ee96aefc733998ff9d586b8099f455a7f3546cfcf4190038a9dfeb54d94903d0f4beba84c4

(The second 128-hex-character digest was labelled SHA256 on the original page; a 128-character hex digest is SHA-512. The target filename is the first 45 hex characters of the SHA256.)

Malware Config

Extracted
Family: icedid
Campaign: 3351099083
C2: vaclicinni.xyz

Signatures (3)

  • IcedID, BokBot
    Description: IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader
    Reported IOCs (resource | yara_rule):
    behavioral1/memory/1944-60-0x00000000002B0000-0x00000000002B7000-memory.dmp | IcedidFirstLoader
    The rule matched a 0x7000-byte region (0x2B0000-0x2B7000) dumped from the regsvr32.exe process (PID 1944), i.e. the first-stage loader as unpacked in memory rather than the DLL on disk.

  • Suspicious behavior: EnumeratesProcesses
    Reported IOCs (pid | process):
    1944 | regsvr32.exe
    1944 | regsvr32.exe
Processes (1)

  • C:\Windows\system32\regsvr32.exe (PID 1944)
    Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b52c0640957e5032b5160578f8cb99f9b066fde4f9431.dll
    Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques are listed under any column in this report)
Downloads
  • memory/1944-59-0x000007FEFB891000-0x000007FEFB893000-memory.dmp
  • memory/1944-60-0x00000000002B0000-0x00000000002B7000-memory.dmp