pasteBorder.dll

General
Target

pasteBorder.dll

Filesize

337KB

Completed

04-05-2021 18:49

Score

10/10

MD5

6ee6fcde80cbf4967885454cfcdf22a5

SHA1

c3b771ed998a4363e9eb00996c651bc560138503

SHA256

fa914c9914a9a663613c62467009adb9a283275863e0fd4a39b5e5e4f3a0f376

Malware Config

Extracted

Family icedid
Campaign 3042509645
C2

barcafokliresd.top

Signatures 3

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

  • PhotoLoader Payload

    Description

    IcedID downloader (PhotoLoader).

    Reported IOCs

    resource   behavioral2/memory/604-114-0x0000000002770000-0x00000000027B6000-memory.dmp
    yara_rule  crime_win32_icedid_stage1

  • Suspicious behavior: EnumeratesProcesses
    regsvr32.exe

    Reported IOCs

    pid  process
    604  regsvr32.exe
    604  regsvr32.exe

Processes 1

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\pasteBorder.dll
    Suspicious behavior: EnumeratesProcesses
    PID: 604

Network

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Downloads

  • memory/604-114-0x0000000002770000-0x00000000027B6000-memory.dmp