icedid | 183b4ef83bf1c9447d2af1fd30b675c398c8c84e1e4e7ac14f5b89798b74363d | Triage

Analysis

max time kernel
123s
max time network
123s
platform
windows10_x64
resource
win10v20210408
submitted
05-05-2021 13:31

Sharing

Report Analysis Logs

General

Target

183b4ef83bf1c9447d2af1fd30b675c398c8c84e1e4e7ac14f5b89798b74363d.dll
Size

271KB
MD5

1a4adb9bac04ec9fc94c9dd4ba90a0f9
SHA1

9a08757db0e98aee9be9ced2c238e5acc284f9c1
SHA256

183b4ef83bf1c9447d2af1fd30b675c398c8c84e1e4e7ac14f5b89798b74363d
SHA512

db6ed1c46097fb2b43e087fa15454c5bfba4c9e715049311ede93103c7ee69200efd67383b962565beb571b0089dcf6c113bb120739fec32bd4e40753dc82f8c

Score

10^/10

icedid 3616463248 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3616463248

C2

tvorartificialnature.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/796-114-0x0000000000830000-0x0000000000837000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

796 regsvr32.exe
796 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\183b4ef83bf1c9447d2af1fd30b675c398c8c84e1e4e7ac14f5b89798b74363d.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/796-114-0x0000000000830000-0x0000000000837000-memory.dmp

Filesize
28KB

Download