Analysis

  • max time kernel
    12s
  • max time network
    69s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    06-05-2021 18:34

General

  • Target

    387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll

  • Size

    234KB

  • MD5

    69a9613ec679307c2600d6940211559c

  • SHA1

    ab85b2755f1de47060d970067900706e26ad69e3

  • SHA256

    387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96

  • SHA512

    8754d4cee1e75d5c3210449157d98b916318766632eeef85ae30dd76cfe49472bb61e6a8abc0b1a7baa663eaf4a67138204bbf97a2bc0413a0d2a0566f91fcba

Malware Config

Extracted

Family

icedid

Campaign

3042509645

C2

dsedertyhuiokle.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/856-114-0x0000000002530000-0x0000000002576000-memory.dmp
    Filesize

    280KB