icedid | 19ef0d590ae1ce128b0c96eeb58e95c5d5572f75d8b443648410300a57d4e8d0 | Triage

Analysis

max time kernel
123s
max time network
122s
platform
windows7_x64
resource
win7v20210410
submitted
05-05-2021 14:05

Sharing

Report Analysis Logs

General

Target

97dfb40b46ea9bc51a256bb1b1aa472e.dll
Size

191KB
MD5

97dfb40b46ea9bc51a256bb1b1aa472e
SHA1

290e46431cd9fc6cca5308f77fb75f203cc4df6d
SHA256

19ef0d590ae1ce128b0c96eeb58e95c5d5572f75d8b443648410300a57d4e8d0
SHA512

8ff54099008f2a1d75df3cff1caa8be88642047775fc46140c4f26017372203636981471a6f8bda5db15628d7bc41744201ce96e37dc5e3ff06ecf2f8b1234a7

Score

10^/10

icedid 861670232 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

861670232

C2

provokordino.space

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1240-60-0x0000000000140000-0x0000000000147000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1240 regsvr32.exe
1240 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\97dfb40b46ea9bc51a256bb1b1aa472e.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1240-59-0x000007FEFB591000-0x000007FEFB593000-memory.dmp

Filesize
8KB

Download
memory/1240-60-0x0000000000140000-0x0000000000147000-memory.dmp

Filesize
28KB

Download