icedid | fb3a40e249ebffa480b40c6cddb2c2b7b9838236bf36d9f8d2f575c859e6e82d | Triage

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
19-03-2022 07:47

Sharing

Report Analysis Logs

General

Target

fb3a40e249ebffa480b40c6cddb2c2b7b9838236bf36d9f8d2f575c859e6e82d.dll
Size

143KB
MD5

50c4de83c454b6189ff3790725b0cdaa
SHA1

1eded9bc8ef849de0b17ecaac93fbda8f148f3f4
SHA256

fb3a40e249ebffa480b40c6cddb2c2b7b9838236bf36d9f8d2f575c859e6e82d
SHA512

45241bacc22c435b491f7f8fb1ace3184a55f67755170e3cb620f7c80decbc83192bdb814958d8df5caaf105d9c68532caa75b7e6620114b076d652849860712

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

felpojdhf8980.cyou

azoperfdeoti85.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1992-130-0x0000000074C20000-0x0000000074C5A000-memory.dmp	IcedidSecondLoader
behavioral2/memory/1992-132-0x0000000074C20000-0x0000000074C26000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1516 wrote to memory of 1992	1516	regsvr32.exe	regsvr32.exe
PID 1516 wrote to memory of 1992	1516	regsvr32.exe	regsvr32.exe
PID 1516 wrote to memory of 1992	1516	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fb3a40e249ebffa480b40c6cddb2c2b7b9838236bf36d9f8d2f575c859e6e82d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1516

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\fb3a40e249ebffa480b40c6cddb2c2b7b9838236bf36d9f8d2f575c859e6e82d.dll
2⤵
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-131-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/1992-130-0x0000000074C20000-0x0000000074C5A000-memory.dmp

Filesize
232KB

Download
memory/1992-132-0x0000000074C20000-0x0000000074C26000-memory.dmp

Filesize
24KB

Download