icedid | 0dd1fe05bd7a7009f3fec1f0cd35aaccbb8893fe117bb2f8a3df2b8dabe2c5aa | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10_x64
resource
win10-en-20211208
submitted
21-02-2022 09:48

Sharing

Report Analysis Logs

General

Target

0dd1fe05bd7a7009f3fec1f0cd35aaccbb8893fe117bb2f8a3df2b8dabe2c5aa.dll
Size

490KB
MD5

5c1f1ce1edab3b9fc2e31969763de32c
SHA1

635d5e0678ee9d9bb843a7b73ef581578a9cb7bf
SHA256

0dd1fe05bd7a7009f3fec1f0cd35aaccbb8893fe117bb2f8a3df2b8dabe2c5aa
SHA512

d9c20c87f7fc7ba5b93466c5da75ebcc2af8eaf4f10684457e6382961540582e39c0472318549a56fc0c80184df9cae3f3386a1866bf0bf016725132515289a2

Score

10^/10

icedid 3467965077 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1796 regsvr32.exe
1796 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0dd1fe05bd7a7009f3fec1f0cd35aaccbb8893fe117bb2f8a3df2b8dabe2c5aa.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1796-114-0x0000000000D40000-0x0000000000D4E000-memory.dmp

Filesize
56KB

Download