icedid | f65e7788b966d3fffa3a2161af96cc7d8a73b6b51671f81c99d1e62c3d78a870 | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10_x64
resource
win10-en-20211208
submitted
21-02-2022 09:48

Sharing

Report Analysis Logs

General

Target

f65e7788b966d3fffa3a2161af96cc7d8a73b6b51671f81c99d1e62c3d78a870.dll
Size

490KB
MD5

03a162a55b1120634270d28e48ced24a
SHA1

ef16cd563bd8cf10e1ac406bc2ead1d7bf37eda4
SHA256

f65e7788b966d3fffa3a2161af96cc7d8a73b6b51671f81c99d1e62c3d78a870
SHA512

1d5b73eabd31724775e0c1d3aa8d70276e84121f1aa15cfa81d5dae86ee7a73410b9eda382736c907b1e2a4c27503b64139a112a43666c9604060f3a3b66a096

Score

10^/10

icedid 3467965077 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1520 regsvr32.exe
1520 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f65e7788b966d3fffa3a2161af96cc7d8a73b6b51671f81c99d1e62c3d78a870.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-114-0x0000000000A80000-0x0000000000A8E000-memory.dmp

Filesize
56KB

Download