icedid | 8ebe3b947cddf1621054c15c79196ed6088a81c9a193e39b04b7ad611e7f9587

Analysis

Target

8ebe3b947cddf1621054c15c79196ed6088a81c9a193e39b04b7ad611e7f9587.dll
Size

132KB
MD5

e5920d227962a10f86d357d2dad58383
SHA1

ca4eadc64d7c86a097f1d3e3d3f9e1a09dc1c129
SHA256

8ebe3b947cddf1621054c15c79196ed6088a81c9a193e39b04b7ad611e7f9587
SHA512

d7268021c96106e06ed58dc23f28eac9d12e596b4ce86ff31cc15387ed322a82dd997a2bbc2e327516b8cbc883086185c7d6562f5afa0837d6777cbaee5b8c19

Score

10^/10

Family

icedid

antiquepariss.top

fresnoviews.top

foolishsmile.club

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

loader

Processes:

resource	yara_rule
behavioral2/memory/3244-115-0x0000000072920000-0x0000000072926000-memory.dmp	IcedidSecondLoader

Blocklisted process makes network request 55 IoCs

Processes:

rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2188 wrote to memory of 3244	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 3244	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 3244	2188	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ebe3b947cddf1621054c15c79196ed6088a81c9a193e39b04b7ad611e7f9587.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ebe3b947cddf1621054c15c79196ed6088a81c9a193e39b04b7ad611e7f9587.dll,#1
2⤵
- Blocklisted process makes network request
PID:3244

memory/3244-114-0x0000000000000000-mapping.dmp

Download
memory/3244-115-0x0000000072920000-0x0000000072926000-memory.dmp

Filesize
24KB

Download
memory/3244-116-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download