icedid | 0e242002e3e8597334cefd90e4a46bb68c528d5642ad4b39e9163a5134be3ac2 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-en-20211104
submitted
26-11-2021 04:43

Sharing

Report Analysis Logs

General

Target

0e242002e3e8597334cefd90e4a46bb68c528d5642ad4b39e9163a5134be3ac2.dll
Size

171KB
MD5

89d96985d6cb448bcc7c55065ce94810
SHA1

7354192276c40b7e8fb2e756cb76b4377f94c312
SHA256

0e242002e3e8597334cefd90e4a46bb68c528d5642ad4b39e9163a5134be3ac2
SHA512

d165f992921d9ed3cb47e65c4bb6c30556c43f80ce6e74fbfddab03c7c365c3bba518e0e471499908f2eff252129e157c9922803220940fe2e940c3f8550ef39

Score

10^/10

icedid 3122682570 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3122682570

C2

iningsessi.ink

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1376 regsvr32.exe
1376 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0e242002e3e8597334cefd90e4a46bb68c528d5642ad4b39e9163a5134be3ac2.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-55-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp

Filesize
8KB

Download
memory/1376-56-0x0000000000410000-0x0000000000473000-memory.dmp

Filesize
396KB

Download