icedid | e25c4ee20902530b337b46d011e7938a79e0ef1323b6c549752665a46a1da5a2 | Triage

Analysis

max time kernel
13s
max time network
64s
platform
windows10_x64
resource
win10v20210408
submitted
06-05-2021 20:02

Sharing

Report Analysis Logs

General

Target

e25c4ee20902530b337b46d011e7938a79e0ef1323b6c.dll
Size

313KB
MD5

afa9a66a4b1f8d336f37b22eed0e678e
SHA1

2f4b2dc050f3271a44c5bc54666408aaeb42917c
SHA256

e25c4ee20902530b337b46d011e7938a79e0ef1323b6c549752665a46a1da5a2
SHA512

a5f8946d09d7b1a6772e3925408273ef70cedbd38f24e722bb7c637da57fa045e7e4417c26fff324911d75d501e2f3fb54ce729b6f84eab544588168171df75f

Score

10^/10

icedid 2925066312 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

2925066312

C2

barcafokliresd.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

636 regsvr32.exe
636 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e25c4ee20902530b337b46d011e7938a79e0ef1323b6c.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/636-114-0x0000000000AB0000-0x0000000000AF6000-memory.dmp

Filesize
280KB

Download