Resubmissions

24-06-2021 15:47

210624-nj8y6m51pn 10

21-06-2021 10:04

210621-pd63fl26fn 10

Analysis

  • max time kernel
    4s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    21-06-2021 10:04

General

  • Target

    725c29b02c040ec7fa3f5790716073f3ede3e0c2.dll

  • Size

    84KB

  • MD5

    b22c0344515fb985100a02f0e3bb5845

  • SHA1

    725c29b02c040ec7fa3f5790716073f3ede3e0c2

  • SHA256

    3839ea5f86c4ebc8036ab26cfee2b0e05893a6b276d39ba23b75980c4db4c8a4

  • SHA512

    44f977d0e468507fddfc7213277d8e83718ce13d183b625ac6349548d3b81d06d8ea147b7245658633866ff8959dbc0165a4b1255065f24173392647df60bb36

Malware Config

Extracted

Family

icedid

Campaign

942942329

C2

bethehill.trade

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\725c29b02c040ec7fa3f5790716073f3ede3e0c2.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1096-60-0x000007FEFBC41000-0x000007FEFBC43000-memory.dmp

    Filesize

    8KB

  • memory/1096-61-0x00000000002B0000-0x00000000002B9000-memory.dmp

    Filesize

    36KB