icedid | 57ea53af93562bd35e882e98a0f40481e816a54871ed3f4bb16a981371efb0ce | Triage

Analysis

max time kernel
79s
max time network
153s
platform
windows10_x64
resource
win10-en-20211208
submitted
21-02-2022 09:48

Sharing

Report Analysis Logs

General

Target

57ea53af93562bd35e882e98a0f40481e816a54871ed3f4bb16a981371efb0ce.dll
Size

490KB
MD5

cfd0da2d0d69f9df1d7fe409953832f5
SHA1

72f2f86fa83a51c30e733a147149c0fda2d71701
SHA256

57ea53af93562bd35e882e98a0f40481e816a54871ed3f4bb16a981371efb0ce
SHA512

42d8427ee3cd87fb7947519b7be9e28bcf8668ed9a713c50e6ebf44bdef877af1a53319cdee2f3ec12c375911b368b3c95487cd8daffb5d5e93dc98335f9aa70

Score

10^/10

icedid 3467965077 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1716 regsvr32.exe
1716 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\57ea53af93562bd35e882e98a0f40481e816a54871ed3f4bb16a981371efb0ce.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-114-0x0000000000700000-0x000000000070E000-memory.dmp

Filesize
56KB

Download