Resubmissions

12-05-2021 11:23

210512-zh6ng4wpcx 10

04-05-2021 14:45

210504-pe5xdz7s6e 10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    04-05-2021 14:45

General

  • Target

    icedid_unpacked_4_may_21.dll

  • Size

    12KB

  • MD5

    57637df08cfcff36b7b507f8d544daee

  • SHA1

    07094f36996e612230ec5750e7248748d88ff89a

  • SHA256

    d00bfb0c585d842113b85d03a479c632a2c76a23ad1121cf6e55f573ce1fbd11

  • SHA512

    238c2469b74204b0ac0b82aad76b175048ef65f05991793001f4bc4dc5ff1a4c832af754925617068fea14004175eafe28627ba8c33bc0ce91f2d9d97c39a8fc

Malware Config

Extracted

Family

icedid

Campaign

3042509645

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\icedid_unpacked_4_may_21.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:1688

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1688-60-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp
    Filesize

    8KB