icedid | ea004e90dc1bc97947f3d56bbd4061400ded06ea0b011a868cadbb94efe52ce0 | Triage

Analysis

max time kernel
140s
max time network
145s
platform
windows10_x64
resource
win10v20210410
submitted
06-05-2021 16:02

Sharing

Report Analysis Logs

General

Target

a4fed133_by_Libranalysis.dll
Size

42KB
MD5

a4fed1335db738aad86fb1505be5b2b2
SHA1

69102f5b7d13f97bd23a032dd5d001f3e8c96082
SHA256

ea004e90dc1bc97947f3d56bbd4061400ded06ea0b011a868cadbb94efe52ce0
SHA512

663dd1fe711996a37138d3162955a63e60c00541adc1be746350d3f07a6d3e01d0d37134bed701655e80c993e5578660b879f0ae77e33fc37d17b7720afc3e46

Score

10^/10

icedid 2941843931 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

2941843931

C2

barcafokliresd.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

3016 regsvr32.exe
3016 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a4fed133_by_Libranalysis.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3016-114-0x0000000001F10000-0x0000000001F5D000-memory.dmp

Filesize
308KB

Download