icedid | 1909a177d8f646c0993e5e58347e1a0b39b71dc45ad4ae49faa631683c18a3e6 | Triage

Resubmissions

08-02-2022 15:50

220208-s9ye9saaf5 10

08-02-2022 14:47

220208-r5vyxahcbn 10

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211208
submitted
08-02-2022 14:47

Sharing

Report Analysis Logs

General

Target

1909a177d8f646c0993e5e58347e1a0b39b71dc45ad4ae49faa631683c18a3e6.dll
Size

615KB
MD5

3bfef2a13f7cbbe2c872bef76adb676b
SHA1

dd972d20477223b75ffddf0b2e65b533a431aa14
SHA256

1909a177d8f646c0993e5e58347e1a0b39b71dc45ad4ae49faa631683c18a3e6
SHA512

5ef53f6cc283f38212c4818576bcaaee80518fc383639b4051e498778f60e1751be09c2738b4e8b9a21620a047e5e916e4effd7f48d1035779b35d9ae1a1e543

Score

10^/10

icedid 1732687004 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1732687004

C2

keepfootbal.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1744 regsvr32.exe
1744 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1909a177d8f646c0993e5e58347e1a0b39b71dc45ad4ae49faa631683c18a3e6.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-54-0x000007FEFBE61000-0x000007FEFBE63000-memory.dmp

Filesize
8KB

Download
memory/1744-56-0x00000000001A0000-0x00000000001AA000-memory.dmp

Filesize
40KB

Download
memory/1744-55-0x00000000001A0000-0x00000000001AA000-memory.dmp

Filesize
40KB

Download