icedid | c154e3c6d04236e940af9e4ca1f5b44e354edba99ca6a6948e4c205fc73b6a14 | Triage

Analysis

max time kernel
262s
max time network
397s
platform
windows10_x64
resource
win10-20220223-en
submitted
11-03-2022 17:03

Sharing

Report Analysis Logs

General

Target

main.dll
Size

1.2MB
MD5

54a4016cf2d929ccea9ef47efbd96542
SHA1

b761fd0ff2a4f4394191e8a9bce4c586f131b8f0
SHA256

4bbd73e64d3fea6e61c91d419a0014985bd058d9adea2a7b4e863867aa79435d
SHA512

8fa4b15b7efed88810060f222ae5bb9248be9dd8145a329fe3f3494278d8e4826fd36948443cd3d568f55ab951dc1b9c96090c643abb1292036966357f1d63e3

Score

10^/10

icedid 2401334462 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

2401334462

C2

emicthatmov.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

3464 regsvr32.exe
3464 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\main.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3464-114-0x0000000000B10000-0x0000000000B1B000-memory.dmp

Filesize
44KB

Download