icedid | 9e2d1466480a6265cb65de5f2bca7971c5fe3aa5fdb3c6d78a0595ba413f10a1 | Triage

Analysis

max time kernel
1142s
max time network
1145s
platform
windows10_x64
resource
win10-en-20210920
submitted
21-10-2021 09:30

Sharing

Report Analysis Logs

General

Target

d13ae2121af3bc78790d5191c543c7b.exe.dll
Size

65KB
MD5

d13ae2121af3bc78790d5191c543c7b3
SHA1

4096d8c93f1bb01dfd4871bb8fffb5b0e59832c9
SHA256

9e2d1466480a6265cb65de5f2bca7971c5fe3aa5fdb3c6d78a0595ba413f10a1
SHA512

13dc335a17880453f826d878bb3674463dac25fb64cff3e7b678cfba58771b2c76376d6c0d4e4f61da7a542f98620d398184af265f5daca41648d81282051742

Score

10^/10

icedid 3717128962 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3717128962

C2

usaaforced.fun

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2492-115-0x0000000001280000-0x0000000001287000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2492 regsvr32.exe
2492 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d13ae2121af3bc78790d5191c543c7b.exe.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2492-115-0x0000000001280000-0x0000000001287000-memory.dmp

Filesize
28KB

Download