icedid | 51cfaf0e7df40e783d3636b6768fed03261cee616cc84b62da787ec4520739c5 | Triage

Analysis

max time kernel
123s
max time network
124s
platform
windows10_x64
resource
win10v20210410
submitted
10-05-2021 18:08

Sharing

Report Analysis Logs

General

Target

b2715b04c731c53b81b7edad1299413a.dll
Size

183KB
MD5

b2715b04c731c53b81b7edad1299413a
SHA1

019c266985428e328b1efb26e803954ad9229c83
SHA256

51cfaf0e7df40e783d3636b6768fed03261cee616cc84b62da787ec4520739c5
SHA512

d9c9c2c4cb9b2fd098c19a021ca2110231a16f30b520af9ec908b332a2d79e114128f5df83e3e8a2a6237725113f02d9ef01ab5b8a044b9a01532aefad981312

Score

10^/10

icedid 861670232 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

861670232

C2

provokordino.space

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3980-114-0x0000000000BD0000-0x0000000000BD7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

3980 regsvr32.exe
3980 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b2715b04c731c53b81b7edad1299413a.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3980-114-0x0000000000BD0000-0x0000000000BD7000-memory.dmp

Filesize
28KB

Download