icedid | 3eeb025b4103aefe9ef71b82ef66e3b097e1aa6778f461fd63ef8599f37b95a4 | Triage

Analysis

max time kernel
132s
max time network
134s
platform
windows10_x64
resource
win10v20210410
submitted
11-05-2021 10:35

Sharing

Report Analysis Logs

General

Target

3eeb025b4103aefe9ef71b82ef66e3b097e1aa6778f461fd63ef8599f37b95a4.dll
Size

65KB
MD5

d638bb6f51dafa75b869555059676c92
SHA1

66f70011c9591fae214f1c9cc4b045ca2f66e615
SHA256

3eeb025b4103aefe9ef71b82ef66e3b097e1aa6778f461fd63ef8599f37b95a4
SHA512

d63209c4be0621dd7543409826f7b7bf8688e92650b7a7bfce5a63851b3113c99ca1eb8bb0658b8f2ee906b310cc5b43577f2cbecdf29237f6831f92dcdf9efe

Score

10^/10

icedid 3717128962 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3717128962

C2

usaaforced.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3840-114-0x00000000007A0000-0x00000000007A7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

3840 regsvr32.exe
3840 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3eeb025b4103aefe9ef71b82ef66e3b097e1aa6778f461fd63ef8599f37b95a4.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3840-114-0x00000000007A0000-0x00000000007A7000-memory.dmp

Filesize
28KB

Download