icedid | 46e20b3931c4550ade3e4abd395a289621ea3f42f6aa44c90083ebb7f7be2704 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows10_x64
resource
win10-en-20211104
submitted
30-11-2021 06:42

Sharing

Report Analysis Logs

General

Target

46e20b3931c4550ade3e4abd395a289621ea3f42f6aa44c90083ebb7f7be2704.dll
Size

344KB
MD5

2ee33ef3b24574c9fb54fd75e29fdf6e
SHA1

158a048f5f5feac85eb5791fbb25ba6aaf262712
SHA256

46e20b3931c4550ade3e4abd395a289621ea3f42f6aa44c90083ebb7f7be2704
SHA512

0655a316b91070c8275afba7ab8437da66cd8b00e4ddcc58c86fa28444deb66700d19e76e93329910c7e44ef28ec488556e2026221980b6aacaa804745a56c5e

Score

10^/10

icedid 2904573523 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

2904573523

C2

placingapie.ink

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2716 regsvr32.exe
2716 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\46e20b3931c4550ade3e4abd395a289621ea3f42f6aa44c90083ebb7f7be2704.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2716-118-0x0000000002D80000-0x0000000002DE3000-memory.dmp

Filesize
396KB

Download