icedid | 03f5e9a1c5bd9079a54240c6e0443dd0497fbc7580cd75b6a2324111b8d93c76 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-en-20211014
submitted
17-11-2021 19:53

Sharing

Report Analysis Logs

General

Target

Kathleen.xz.0.dr.dll
Size

108KB
MD5

4f2a7160665d709942e866fbc5f87739
SHA1

35789f5eee7c38f329eb95c08b6e6cb4666e7b07
SHA256

03f5e9a1c5bd9079a54240c6e0443dd0497fbc7580cd75b6a2324111b8d93c76
SHA512

52f475bc0a0c1f1523013d7f84262f305bc8bfc49b766e59a94e41b5ca34c01b57c0f101bd8f6a957cf7b35baee7f0a3a2614577082f08f5bfc3bb7ad3d268b7

Score

10^/10

icedid 4274986930 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

4274986930

C2

aucespoo.ink

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

580 regsvr32.exe
580 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Kathleen.xz.0.dr.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/580-55-0x000007FEFB7E1000-0x000007FEFB7E3000-memory.dmp

Filesize
8KB

Download
memory/580-56-0x00000000004B0000-0x0000000000513000-memory.dmp

Filesize
396KB

Download