icedid | 585229377732e8e8b26e4a4ea5ea805b5f6a655de5dd45d6a6ef821f2211a6c3 | Triage

Analysis

max time kernel
143s
max time network
146s
platform
windows10_x64
resource
win10v20210410
submitted
05-05-2021 18:02

Sharing

Report Analysis Logs

General

Target

ce1137ae_by_Libranalysis.dll
Size

226KB
MD5

ce1137aeccf879e96ceccee6ddfb8949
SHA1

1274879269ee2f392464256edb0502e508251159
SHA256

585229377732e8e8b26e4a4ea5ea805b5f6a655de5dd45d6a6ef821f2211a6c3
SHA512

fedfcb4ddb90e0ce61e578688c6728babe76d2394d09d222121a9dc5602e61c17a53a49a4684fd0ff981f43e06914326e8196eb571310905611cf1e7bcd4fef5

Score

10^/10

icedid 1386562008 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

1386562008

C2

zasertiokil.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

3180 regsvr32.exe
3180 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ce1137ae_by_Libranalysis.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3180-114-0x0000000001F70000-0x0000000001FB6000-memory.dmp

Filesize
280KB

Download