General
Target

387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll

Filesize

234KB

Completed

06-05-2021 18:37

Task

behavioral2

Score
10/10
MD5

69a9613ec679307c2600d6940211559c

SHA1

ab85b2755f1de47060d970067900706e26ad69e3

SHA256

387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96

SHA256

8754d4cee1e75d5c3210449157d98b916318766632eeef85ae30dd76cfe49472bb61e6a8abc0b1a7baa663eaf4a67138204bbf97a2bc0413a0d2a0566f91fcba

Malware Config

Extracted

Family

icedid

Campaign

3042509645

C2

dsedertyhuiokle.top

Signatures 2

Filter: none

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses
    regsvr32.exe

    Reported IOCs

    pidprocess
    856regsvr32.exe
    856regsvr32.exe
Processes 1
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\387713eb2858b620cdf67430b071bc942316f5c29644ce25cca0215d90444c96.dll
    Suspicious behavior: EnumeratesProcesses
    PID:856
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads
                          • memory/856-114-0x0000000002530000-0x0000000002576000-memory.dmp