6f57eb37bff30df1a66f848cb648799536dcbc05f6fb3.dll

General

Target: 6f57eb37bff30df1a66f848cb648799536dcbc05f6fb3.dll
Filesize: 234KB
Completed: 07-05-2021 10:38
Score: 10/10
MD5: dfa62565b68736dc443386d68388b269
SHA1: d64a755f001658c7bc037049259f23807105d8ba
SHA256: 6f57eb37bff30df1a66f848cb648799536dcbc05f6fb32d1ae071102ffd830ee

Malware Config

Extracted

Family: icedid
Campaign: 3042509645
C2: dsedertyhuiokle.top

Signatures 2

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses
    regsvr32.exe

    Reported IOCs

    PID   Process
    1748  regsvr32.exe
    1748  regsvr32.exe
Processes 1
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6f57eb37bff30df1a66f848cb648799536dcbc05f6fb3.dll
    Suspicious behavior: EnumeratesProcesses
    PID:1748
Network
MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads

  • memory/1748-59-0x000007FEFB8F1000-0x000007FEFB8F3000-memory.dmp
  • memory/1748-60-0x00000000003D0000-0x0000000000416000-memory.dmp