icedid | 658c58098d53a58a5ac99389167280f5d47e29ed184c6e60e19241823ce49a94 | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-en-20211208
submitted
08-02-2022 21:00

Sharing

Report Analysis Logs

General

Target

658c58098d53a58a5ac99389167280f5d47e29ed184c6e60e19241823ce49a94.dll
Size

607KB
MD5

312c1ba3975e1ed9a0122ae2a8d1540e
SHA1

7bd06ef45eed15d2b2cda357840bbfa7963e5edb
SHA256

658c58098d53a58a5ac99389167280f5d47e29ed184c6e60e19241823ce49a94
SHA512

4688040f647f49736f16cc32b9f8a1203a62ab51e8409f8ed757337b21e084657b8a3db951efe97e1a4d3bea3c969fb64f2b2547c029c4606f3d9e563f7590cf

Score

10^/10

icedid 1732687004 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1732687004

C2

keepfootbal.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1680 regsvr32.exe
1680 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\658c58098d53a58a5ac99389167280f5d47e29ed184c6e60e19241823ce49a94.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-55-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

Filesize
8KB

Download
memory/1680-57-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download
memory/1680-56-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download