icedid | d0db91bd11f41eb10ee5dce39e37a71a05a96264caa11c7b01ac31125b81b072 | Triage

Analysis

max time kernel
124s
max time network
68s
platform
windows7_x64
resource
win7v20210408
submitted
05-05-2021 14:02

Sharing

Report Analysis Logs

General

Target

d0db91bd11f41eb10ee5dce39e37a71a05a96264caa11c7b01ac31125b81b072.dll
Size

244KB
MD5

ec6ea6fa0e91dd56cf84aefaac26e868
SHA1

85ae98965a3802d284bfc76d81be9aecf092e6ea
SHA256

d0db91bd11f41eb10ee5dce39e37a71a05a96264caa11c7b01ac31125b81b072
SHA512

d2cd1c4770171a9e95be0115569d7f45865c0f6266a4ebc64e78907e9a0cf52d00ae7f59a490496a41a38bf0a48a2b6e7a07af5d2a4508f095ec99043c655fbe

Score

10^/10

icedid 3616463248 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3616463248

C2

tvorartificialnature.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1032-61-0x00000000002B0000-0x00000000002B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1032 regsvr32.exe
1032 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d0db91bd11f41eb10ee5dce39e37a71a05a96264caa11c7b01ac31125b81b072.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-60-0x000007FEFBD61000-0x000007FEFBD63000-memory.dmp

Filesize
8KB

Download
memory/1032-61-0x00000000002B0000-0x00000000002B7000-memory.dmp

Filesize
28KB

Download