icedid | acc9f8e3161cf6f0327447eb1146c14ad94c53d84651ccf38c8ca722652ded18 | Triage

Analysis

max time kernel
14s
max time network
110s
platform
windows10_x64
resource
win10v20210408
submitted
06-05-2021 17:32

Sharing

Report Analysis Logs

General

Target

acc9f8e3161cf6f0327447eb1146c14ad94c53d84651ccf38c8ca722652ded18.dll
Size

234KB
MD5

16ade144ecc3dd743c30a23ae483b9c7
SHA1

4b1b3bc2db89d0eddad0c4d8c419b074c8b78c61
SHA256

acc9f8e3161cf6f0327447eb1146c14ad94c53d84651ccf38c8ca722652ded18
SHA512

36cd70ed9d2c6ed1cbfd3f6357ccf9b71ed534d2237f88e0f136be99e386b7b04261214288241ff876df63f3c7d87f6b3c742f036f44f08b64d9392ae17aec66

Score

10^/10

icedid 3042509645 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3042509645

C2

dsedertyhuiokle.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

784 regsvr32.exe
784 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\acc9f8e3161cf6f0327447eb1146c14ad94c53d84651ccf38c8ca722652ded18.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/784-114-0x0000000000AE0000-0x0000000000B26000-memory.dmp

Filesize
280KB

Download