icedid | 3a02a1c45007574927d5b8efd8fe805ac9885849c67e4b392367b3373666d0c4 | Triage

Analysis

max time kernel
123s
max time network
125s
platform
windows7_x64
resource
win7v20210410
submitted
11-05-2021 10:35

Sharing

Report Analysis Logs

General

Target

3a02a1c45007574927d5b8efd8fe805ac9885849c67e4b392367b3373666d0c4.dll
Size

176KB
MD5

63964c4e2eb6bad3591d09c708355522
SHA1

df3dca69becf159b649788d3044b63687a704799
SHA256

3a02a1c45007574927d5b8efd8fe805ac9885849c67e4b392367b3373666d0c4
SHA512

91373858e1d3c7b6be7fbcb1dcf3a8b4d1458390077d32a5ae1d2345533d881918cd3e81d9dd153b9a1ed6e8d2365c9cdebdc21d0e598c7b133c5b80fc3b4c95

Score

10^/10

icedid 861670232 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

861670232

C2

provokordino.space

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1676-60-0x0000000000130000-0x0000000000137000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1676 regsvr32.exe
1676 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3a02a1c45007574927d5b8efd8fe805ac9885849c67e4b392367b3373666d0c4.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-59-0x000007FEFBE41000-0x000007FEFBE43000-memory.dmp

Filesize
8KB

Download
memory/1676-60-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download