General
Target: dd6d136055296abfc6f94c8ae1d039042c603fb1d0938.dll
Filesize: 234KB
Completed: 07-05-2021 16:04
Task: behavioral2
Score: 10/10
MD5: fecf84576b7b6cdc64e5cf839db18c3b
SHA1: 32fffb167d3e20a15731cb137dde2fa2fbc1bdf2
SHA256: dd6d136055296abfc6f94c8ae1d039042c603fb1d0938a75d446c86d1f4636d4
SHA512: 0c7cdf1e70c085306c89d4e577f3492a427082ce73bede460fb80759d3a3b976ea7f666c19f7871b4283788132bd671135933ce7e561da7eb4eec5e50941da3b
Malware Config
Extracted
Family: icedid
Campaign: 3042509645
C2: dsedertyhuiokle.top
Signatures (2)

IcedID, BokBot
Description: IcedID is a banking trojan capable of stealing credentials.
Tags: none

Suspicious behavior: EnumeratesProcesses (regsvr32.exe)
Reported IOCs:
pid | process
804 | regsvr32.exe
804 | regsvr32.exe
Processes (1)

C:\Windows\system32\regsvr32.exe
Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dd6d136055296abfc6f94c8ae1d039042c603fb1d0938.dll
Signatures: Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Tactics listed (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads
- memory/804-114-0x0000000001400000-0x0000000001446000-memory.dmp