icedid | 9fcbbed0d0dec40e198e75f4f6fbc05b1f369d3a12bd40897b559a898d2193b3 | Triage

Analysis

max time kernel
121s
max time network
152s
platform
windows10_x64
resource
win10-en-20211104
submitted
02-12-2021 15:46

Sharing

Report Analysis Logs

General

Target

d44aaa3976c4c449759289b74d71501b.dll
Size

191KB
MD5

d44aaa3976c4c449759289b74d71501b
SHA1

8c247f093b4955b1827bda3159371f2d609e1bb0
SHA256

9fcbbed0d0dec40e198e75f4f6fbc05b1f369d3a12bd40897b559a898d2193b3
SHA512

c5dbdebd99b2746a6de76c21ef9e47e4ef6930080e53da7a98fff9772fb68efef2e0ed1f5dbbd2f4ab036ffc86df716e25bcc3eee1d389468956238e47c64f6e

Score

10^/10

icedid 3494996616 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3494996616

C2

zanokiryq.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

4296 regsvr32.exe
4296 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d44aaa3976c4c449759289b74d71501b.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4296-118-0x00000000020A0000-0x0000000002103000-memory.dmp

Filesize
396KB

Download