icedid | 830a586ad97332d541b7353d4553807cafdc6f21a23c55757383d1b29dbf396d | Triage

Analysis

max time kernel
4294207s
max time network
127s
platform
windows7_x64
resource
win7-20220311-en
submitted
19-03-2022 15:46

Sharing

Report Analysis Logs

General

Target

830a586ad97332d541b7353d4553807cafdc6f21a23c55757383d1b29dbf396d.dll
Size

238KB
MD5

38518b0713026785736eda1f64ec5186
SHA1

943cd9be58bf264a4cd941d99af6266cd735e354
SHA256

830a586ad97332d541b7353d4553807cafdc6f21a23c55757383d1b29dbf396d
SHA512

eacfbc5ebad4bf534b07c5d0020d3b31d45f41ca747a5d8b8c4246e4c352db3411133e1504535efd8824b69540db4358a4bbb43defac0343334f8b26d638f8ad

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

felpojdhf8980.cyou

azoperfdeoti85.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1924-55-0x0000000074E40000-0x0000000074E8F000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1924-57-0x0000000074E40000-0x0000000074E46000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1072 wrote to memory of 1924	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 1924	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 1924	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 1924	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 1924	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 1924	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 1924	1072	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\830a586ad97332d541b7353d4553807cafdc6f21a23c55757383d1b29dbf396d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\830a586ad97332d541b7353d4553807cafdc6f21a23c55757383d1b29dbf396d.dll,#1
2⤵
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-54-0x00000000763D1000-0x00000000763D3000-memory.dmp

Filesize
8KB

Download
memory/1924-56-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/1924-55-0x0000000074E40000-0x0000000074E8F000-memory.dmp

Filesize
316KB

Download
memory/1924-57-0x0000000074E40000-0x0000000074E46000-memory.dmp

Filesize
24KB

Download