icedid | 6090a706d8dd0d654ee0104e9935bd9b13e8c4c23c095d5b9d58954c94121c7b | Triage

Analysis

max time kernel
116s
max time network
153s
platform
windows10_x64
resource
win10-en-20211208
submitted
21-02-2022 09:48

Sharing

Report Analysis Logs

General

Target

6090a706d8dd0d654ee0104e9935bd9b13e8c4c23c095d5b9d58954c94121c7b.dll
Size

490KB
MD5

e4913d3cf85a10a53e365ce96be8e7d2
SHA1

2e0b999d85056f110ff073f86233c97902b1e4e4
SHA256

6090a706d8dd0d654ee0104e9935bd9b13e8c4c23c095d5b9d58954c94121c7b
SHA512

6aae7f5769ed641781d55cad7dbb372d5b94a5eb88cdcfc2837353f8405eb068ef01bafffe8f7eb8c98b7ad855e4fb4c4fe1a5c5c0ed37b0bfbf2b3789526326

Score

10^/10

icedid 3467965077 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1800 regsvr32.exe
1800 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6090a706d8dd0d654ee0104e9935bd9b13e8c4c23c095d5b9d58954c94121c7b.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1800-114-0x0000000000BD0000-0x0000000000BDE000-memory.dmp

Filesize
56KB

Download