icedid | 021621af85a3246204df742032e00540aaf1dda99fcf02fffcd2dbdd44521b00 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10_x64
resource
win10-en-20211208
submitted
21-02-2022 09:35

Sharing

Report Analysis Logs

General

Target

021621af85a3246204df742032e00540aaf1dda99fcf02fffcd2dbdd44521b00.dll
Size

490KB
MD5

7f8c636f9e04f9b4bfba36044bec983c
SHA1

b87e3652f3718f2d927f5fc76cc62a5e08850a50
SHA256

021621af85a3246204df742032e00540aaf1dda99fcf02fffcd2dbdd44521b00
SHA512

173cc2bf1a5fb261e1907fb72f7fee32d232cb798992ed6fbcf447e0752e4460df8439dcecea03f38b76333fc41b92503935fad733ca24efe846e7d71f9f8eed

Score

10^/10

icedid 3467965077 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1496 regsvr32.exe
1496 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\021621af85a3246204df742032e00540aaf1dda99fcf02fffcd2dbdd44521b00.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1496-114-0x0000000000E00000-0x0000000000E0E000-memory.dmp

Filesize
56KB

Download