icedid | f72261f118585ab983e93f8913112a6b0f4cb642fce5dc28250127239ab21470 | Triage

Analysis

max time kernel
126s
max time network
128s
platform
windows10_x64
resource
win10v20210408
submitted
05-05-2021 19:25

Sharing

Report Analysis Logs

General

Target

f72261f118585ab983e93f8913112a6b0f4cb642fce5dc28250127239ab21470.dll
Size

187KB
MD5

125d4afb696a4a29988d16b6e5073561
SHA1

a13cf3c89a9f3b53f0f360e75e85ec5f1b89e71b
SHA256

f72261f118585ab983e93f8913112a6b0f4cb642fce5dc28250127239ab21470
SHA512

8ba85fb23f700594a259c4db63ffe82405c2288cc821ba7c853750a88b2479dc206b215c48a826010c408584e9b449c408760f65e3be87b33f4eec34e8d1ba39

Score

10^/10

icedid 861670232 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

861670232

C2

provokordino.space

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4656-114-0x0000000001450000-0x0000000001457000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

4656 regsvr32.exe
4656 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f72261f118585ab983e93f8913112a6b0f4cb642fce5dc28250127239ab21470.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4656-114-0x0000000001450000-0x0000000001457000-memory.dmp

Filesize
28KB

Download