General
Target:    387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll
Filesize:  234KB
Completed: 06-05-2021 18:37
Task:      behavioral1
Score:     10/10
MD5:    69a9613ec679307c2600d6940211559c
SHA1:   ab85b2755f1de47060d970067900706e26ad69e3
SHA256: 387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96
SHA512: 8754d4cee1e75d5c3210449157d98b916318766632eeef85ae30dd76cfe49472bb61e6a8abc0b1a7baa663eaf4a67138204bbf97a2bc0413a0d2a0566f91fcba
Malware Config
Extracted
Family:   icedid
Campaign: 3042509645
C2:       dsedertyhuiokle.top
Signatures 2
- IcedID, BokBot
  Description: IcedID is a banking trojan capable of stealing credentials.
  Tags: (none)
- Suspicious behavior: EnumeratesProcesses (regsvr32.exe)
  Reported IOCs:
  pid   process
  1996  regsvr32.exe
  1996  regsvr32.exe
Processes 1
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll
  Signatures: Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/1996-60-0x000007FEFC051000-0x000007FEFC053000-memory.dmp
- memory/1996-61-0x00000000001E0000-0x0000000000226000-memory.dmp