icedid | 0df39d0e12024c1a464ca5eb3e1b0614721c7f4e28421dceebfc9dee7d12b421 | Triage

Analysis

max time kernel
123s
max time network
62s
platform
windows7_x64
resource
win7v20210410
submitted
05-05-2021 14:02

Sharing

Report Analysis Logs

General

Target

0df39d0e12024c1a464ca5eb3e1b0614721c7f4e28421dceebfc9dee7d12b421.dll
Size

182KB
MD5

c5ba1ce043a78fa1c8850a2f471480ef
SHA1

463d4139c167ea7b6d8ca143e7a323f95315d86e
SHA256

0df39d0e12024c1a464ca5eb3e1b0614721c7f4e28421dceebfc9dee7d12b421
SHA512

437637b4e364358d18bf7774b253199821329c5b460a0c41ae43f764e2c26f68ace804d0c642e3f7cd0b5d314cda0b0dceeab81748c20ef6e4f6b9d7f21a0b1e

Score

10^/10

icedid 861670232 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

861670232

C2

provokordino.space

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2004-60-0x00000000001B0000-0x00000000001B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2004 regsvr32.exe
2004 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0df39d0e12024c1a464ca5eb3e1b0614721c7f4e28421dceebfc9dee7d12b421.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-59-0x000007FEFC411000-0x000007FEFC413000-memory.dmp

Filesize
8KB

Download
memory/2004-60-0x00000000001B0000-0x00000000001B7000-memory.dmp

Filesize
28KB

Download