icedid | f2e08df6880d599f89c5b4d5497164ab4489e79c233555c53031a90b02d11f51 | Triage

Analysis

max time kernel
445s
max time network
458s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
25-02-2022 20:47

Sharing

Report Analysis Logs

General

Target

f2e08df6880d599f89c5b4d5497164ab4489e79c233555c53031a90b02d11f51.dll
Size

596KB
MD5

7f2fe3d160080e09ea51d58ab0e1ae8f
SHA1

5a84cccf6640f5cd8ea69e93ccbb97aa15f0968e
SHA256

f2e08df6880d599f89c5b4d5497164ab4489e79c233555c53031a90b02d11f51
SHA512

978bfecf51833c4ea03bddccac1c3325cf2b67d8083ae5be87e882e807af51b09c181a2b44f36ab03ecdc38be6e018e1d233e9030d3f029fea1e906df26ed0c5

Score

10^/10

icedid 1117948791 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1117948791

C2

reseptors.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

516 regsvr32.exe
516 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f2e08df6880d599f89c5b4d5497164ab4489e79c233555c53031a90b02d11f51.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p
1⤵
PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/516-132-0x0000000002110000-0x000000000211E000-memory.dmp

Filesize
56KB

Download