icedid | c4c1c45e10181bc27f66025881c8c10c7fcdcc6d6c0827b48140d0002420c6bc | Triage

Analysis

max time kernel
138s
max time network
142s
platform
windows10_x64
resource
win10-en-20211208
submitted
21-02-2022 09:44

Sharing

Report Analysis Logs

General

Target

c4c1c45e10181bc27f66025881c8c10c7fcdcc6d6c0827b48140d0002420c6bc.dll
Size

490KB
MD5

38f9353ee7f68d54d0a8c246b805eacb
SHA1

3dddc3acf50a02a454a3b31b07fdf299696a6547
SHA256

c4c1c45e10181bc27f66025881c8c10c7fcdcc6d6c0827b48140d0002420c6bc
SHA512

f7a521093729cbb258c89b23d1b098e8a612b22cd427f1f7be5d65fe29e9fabb398c7f8b4363ef30d8bf78e6e0cf9732975278177421b0402b80d2863442bb44

Score

10^/10

icedid 3467965077 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1516 regsvr32.exe
1516 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c4c1c45e10181bc27f66025881c8c10c7fcdcc6d6c0827b48140d0002420c6bc.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1516-114-0x0000000000CC0000-0x0000000000CCE000-memory.dmp

Filesize
56KB

Download