icedid | baeb13eea3a71cfaba9d20ef373dcea69cf31f2ec21f45b83f29f699330cb3e3 | Triage

Resubmissions

09-12-2021 14:30

211209-rt5zqscca5 10

Analysis

max time kernel
121s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
09-12-2021 14:30

Sharing

Report Analysis Logs

General

Target

data.dll
Size

291KB
MD5

71c8eb081c33fd6b2c10effa92154a18
SHA1

8222ed4fcac2c7408e7fbb748af1752e72bb9b01
SHA256

baeb13eea3a71cfaba9d20ef373dcea69cf31f2ec21f45b83f29f699330cb3e3
SHA512

ca689b439edd294b38f553fd69784f70e9d011b165dc8c68f070ed95c3cb2255fc33f0b44a90f372b98973aaafb36abc903b536e38727e9465985c21c23a3a0c

Score

10^/10

icedid 870605016 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

870605016

C2

guguchrome.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

732 regsvr32.exe
732 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\data.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/732-115-0x00000000009A0000-0x00000000009A9000-memory.dmp

Filesize
36KB

Download