icedid | 437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211208
submitted
09-02-2022 16:44

Sharing

Report Analysis Logs

General

Target

437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd.dll
Size

607KB
MD5

87fffe8fbc029f03f158087b36db8629
SHA1

d0ae5672ef5aac051d1a845ee5968396258b7e4c
SHA256

437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd
SHA512

2f7d662b9221f53eb48046faa36db81980030055b71e9114f9d06db65940ca7f32d99cb4b58d470535ea3b15322f910a7b0a2eca435bde82b877eaeb38f29fdc

Score

10^/10

icedid 1732687004 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

1732687004

C2

keepfootbal.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

976 regsvr32.exe
976 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/976-54-0x000007FEFBE61000-0x000007FEFBE63000-memory.dmp

Filesize
8KB

Download
memory/976-56-0x0000000000130000-0x000000000013A000-memory.dmp

Filesize
40KB

Download
memory/976-55-0x0000000000130000-0x000000000013A000-memory.dmp

Filesize
40KB

Download