icedid | d9ebead799968c3236411efd6c3d95cbe4bf9040f411872db5aab421cc0db9b0 | Triage

Analysis

max time kernel
144s
max time network
142s
platform
windows7_x64
resource
win7-en-20211208
submitted
03-02-2022 14:49

Sharing

Report Analysis Logs

General

Target

d9ebead799968c3236411efd6c3d95cbe4bf9040f411872db5aab421cc0db9b0.dll
Size

253KB
MD5

b90ab6cc2b24c85dbdc6d000d67253d8
SHA1

b51f2706213591f50bfecc994244c2fb668bb76e
SHA256

d9ebead799968c3236411efd6c3d95cbe4bf9040f411872db5aab421cc0db9b0
SHA512

e98c133f687adde9d2b6a133fc1bf0a90fff8241e9572410d16dc986deac61522a74f2dc0bd7046a8aa6d029aa2fcb4002f29b8cf65cda0df16d8f79554fa306

Score

10^/10

icedid 3840329038 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3840329038

C2

hdtrenity.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2020 regsvr32.exe
2020 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d9ebead799968c3236411efd6c3d95cbe4bf9040f411872db5aab421cc0db9b0.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-54-0x000007FEFC261000-0x000007FEFC263000-memory.dmp

Filesize
8KB

Download
memory/2020-55-0x0000000000100000-0x0000000000109000-memory.dmp

Filesize
36KB

Download
memory/2020-56-0x0000000000100000-0x0000000000109000-memory.dmp

Filesize
36KB

Download
memory/2020-57-0x0000000000100000-0x0000000000109000-memory.dmp

Filesize
36KB

Download