icedid | 8578d45fd02aceddc838ff94e21b10a29deb3e2cc92099c9b54802504c88a56a | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-en-20211208
submitted
03-01-2022 14:57

Sharing

Report Analysis Logs

General

Target

mal_0.bin.dll
Size

179KB
MD5

11b28ecbd7ade350eee6d25b6fae707c
SHA1

10e85bf7c61223f43d0d2fdebd4c5a35a5156539
SHA256

8578d45fd02aceddc838ff94e21b10a29deb3e2cc92099c9b54802504c88a56a
SHA512

6b27ec9dd3c0dbeae2b14ad927a09f8c6347b2c29ff675859e1a42723b077a8f840d74a292008aa037bc4759350e0f6c5deff7962809847fd1bdcd1041873d97

Score

10^/10

icedid 2507181075 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

2507181075

C2

vopnoz.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1640 regsvr32.exe
1640 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\mal_0.bin.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-54-0x000007FEFC0E1000-0x000007FEFC0E3000-memory.dmp

Filesize
8KB

Download
memory/1640-56-0x000007FFFFFA0000-0x000007FFFFFA9000-memory.dmp

Filesize
36KB

Download
memory/1640-55-0x000007FFFFFA0000-0x000007FFFFFA9000-memory.dmp

Filesize
36KB

Download
memory/1640-57-0x000007FFFFFA0000-0x000007FFFFFA9000-memory.dmp

Filesize
36KB

Download