Analysis

  • max time kernel
    6s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    06-05-2021 18:34

General

  • Target

    387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll

  • Size

    234KB

  • MD5

    69a9613ec679307c2600d6940211559c

  • SHA1

    ab85b2755f1de47060d970067900706e26ad69e3

  • SHA256

    387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96

  • SHA512

    8754d4cee1e75d5c3210449157d98b916318766632eeef85ae30dd76cfe49472bb61e6a8abc0b1a7baa663eaf4a67138204bbf97a2bc0413a0d2a0566f91fcba

Malware Config

Extracted

Family

icedid

Campaign

3042509645

C2

dsedertyhuiokle.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses ⋅ 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll
    Suspicious behavior: EnumeratesProcesses
    PID:1996

Network

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation

                          Replay Monitor

                          00:00 00:00

                          Downloads

                          • memory/1996-60-0x000007FEFC051000-0x000007FEFC053000-memory.dmp
                          • memory/1996-61-0x00000000001E0000-0x0000000000226000-memory.dmp