icedid | e12a6841c7c44aa23530e348c6768d74a817e9c101e37907ed8956d392011a36 | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows10_x64
resource
win10v20210408
submitted
05-05-2021 14:02

Sharing

Report Analysis Logs

General

Target

f6cbdf9232d177bbfa27bcd8d464379d.dll
Size

86KB
MD5

f6cbdf9232d177bbfa27bcd8d464379d
SHA1

935e7713d6a2c51125e1035188cef4e1e052608e
SHA256

e12a6841c7c44aa23530e348c6768d74a817e9c101e37907ed8956d392011a36
SHA512

fcd03923cdbf330aabe5fc7de48e98b46258978095ed0e6bc0494d04da1d696637037a6e50e949e88d19e039466ba505170646b1aa569b881f96d04a4091f30d

Score

10^/10

icedid 3717128962 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3717128962

C2

usaaforced.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/584-114-0x00000000001B0000-0x00000000001B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

584 regsvr32.exe
584 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f6cbdf9232d177bbfa27bcd8d464379d.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/584-114-0x00000000001B0000-0x00000000001B7000-memory.dmp

Filesize
28KB

Download