Overview

overview

10

Static

static

387713eb2858b6...96.dll

windows7_x64

10

387713eb2858b6...96.dll

windows10_x64

10
General
Target

387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll

Filesize

234KB

Completed

06-05-2021 18:37

Task

behavioral1

Score
10/10
MD5

69a9613ec679307c2600d6940211559c

SHA1

ab85b2755f1de47060d970067900706e26ad69e3

SHA256

387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96

SHA256

8754d4cee1e75d5c3210449157d98b916318766632eeef85ae30dd76cfe49472bb61e6a8abc0b1a7baa663eaf4a67138204bbf97a2bc0413a0d2a0566f91fcba

Malware Config

Extracted

Family

icedid
Campaign

3042509645
C2

dsedertyhuiokle.top
Signatures 2

Filter: none

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

    Tags

  • Suspicious behavior: EnumeratesProcesses
    regsvr32.exe

    Reported IOCs

    pidprocess
    1996regsvr32.exe
    1996regsvr32.exe
Processes 1
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll
    Suspicious behavior: EnumeratesProcesses
    PID:1996
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads

                          • memory/1996-60-0x000007FEFC051000-0x000007FEFC053000-memory.dmp

                            Download

                          • memory/1996-61-0x00000000001E0000-0x0000000000226000-memory.dmp

                            Download