icedid | 4e464218378946df0688bf7f51169482d1da4323ba76d69f224ed417c4b561f3 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows10_x64
resource
win10-en-20211104
submitted
29-11-2021 22:54

Sharing

Report Analysis Logs

General

Target

7814752e9e8f269e55459068717917804878c38e.dll
Size

344KB
MD5

60c8fbebba16716da4f9aa5f2268f942
SHA1

7814752e9e8f269e55459068717917804878c38e
SHA256

4e464218378946df0688bf7f51169482d1da4323ba76d69f224ed417c4b561f3
SHA512

1fdad86c4dbd9707ac5b7a3dc0b0c7c8e690e66d4da172c920b5b10235122ed42b8616d600fda98f8fd5ad4d53b2628758a2106c328b84acd3a3854bc939ef3d

Score

10^/10

icedid 2904573523 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

2904573523

C2

placingapie.ink

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

3596 regsvr32.exe
3596 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7814752e9e8f269e55459068717917804878c38e.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3596-118-0x0000000001DF0000-0x0000000001E53000-memory.dmp

Filesize
396KB

Download