icedid | 275cc0e74f49684fc38ea1084b1cc332c7cdcca7ab8ac0700487bf00eda9c91d | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows10_x64
resource
win10-en-20211014
submitted
24-11-2021 16:59

Sharing

Report Analysis Logs

General

Target

lbtjxtqmrfi.dll
Size

238KB
MD5

a8913b58338588117e971624e77673df
SHA1

42bd069c90380f45e90b48189ea67c757f7add50
SHA256

275cc0e74f49684fc38ea1084b1cc332c7cdcca7ab8ac0700487bf00eda9c91d
SHA512

b7a1b9324993fe582262526f2c3981408fdef835434bed22d8d885120528bfac6652ab6abfbccb073af2cacac8f4effaf42b47fdffa7617bfc27c6b104c11a57

Score

10^/10

icedid 4191098835 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

4191098835

C2

overpasta.ink

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2480 regsvr32.exe
2480 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\lbtjxtqmrfi.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2480-115-0x00000000027D0000-0x0000000002833000-memory.dmp

Filesize
396KB

Download