icedid | 7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9 | Triage

Analysis

max time kernel
160s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
19-03-2022 12:50

Sharing

Report Analysis Logs

General

Target

7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9.dll
Size

120KB
MD5

b2b8bb419ba5c755a2421fa4837edb8a
SHA1

5c6b77d47ab76bbb18be66406b312279ac8d3a43
SHA256

7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9
SHA512

4a956933949a581124c6dfbdbe85da6cd202c0b9f7f7dacca12ca221c580ee63487af0c4f82c6c896febc97c3974b4ef85d60d735c5bc95b5618a4e616731d99

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

cloudsappert.best

arrowcaps.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4360-130-0x00000000755A0000-0x00000000755A6000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4360-131-0x00000000755A0000-0x00000000755D2000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4300 wrote to memory of 4360	4300	rundll32.exe	rundll32.exe
PID 4300 wrote to memory of 4360	4300	rundll32.exe	rundll32.exe
PID 4300 wrote to memory of 4360	4300	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4300

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9.dll,#1
2⤵
PID:4360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4360-130-0x00000000755A0000-0x00000000755A6000-memory.dmp

Filesize
24KB

Download
memory/4360-132-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/4360-131-0x00000000755A0000-0x00000000755D2000-memory.dmp

Filesize
200KB

Download