data.dll

General
Target:    data.dll
Filesize:  291KB
Completed: 09-12-2021 14:32
Score:     10/10
MD5:    71c8eb081c33fd6b2c10effa92154a18
SHA1:   8222ed4fcac2c7408e7fbb748af1752e72bb9b01
SHA256: baeb13eea3a71cfaba9d20ef373dcea69cf31f2ec21f45b83f29f699330cb3e3

Malware Config (Extracted)
Family:   icedid
Campaign: 870605016
C2:       guguchrome.com

Signatures (2)

  • IcedID, BokBot
    Description: IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses
    Process: regsvr32.exe
    Reported IOCs:
      PID   Process
      732   regsvr32.exe
      732   regsvr32.exe
Processes (1)
  • C:\Windows\system32\regsvr32.exe
    Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\data.dll
    PID: 732
    Suspicious behavior: EnumeratesProcesses
Network
(no entries listed)

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
(no techniques listed under any tactic)

Downloads
  • memory/732-115-0x00000000009A0000-0x00000000009A9000-memory.dmp