icedid | 761a643ab6c21137540dac5382c855c329c991581b3ab8b637dd541e09b6824d | Triage

Analysis

max time kernel
52s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
22-03-2022 20:33

Sharing

Report Analysis Logs

General

Target

BFB4B9B655E9DB3CC719581DEB44193F.dll
Size

148KB
MD5

bfb4b9b655e9db3cc719581deb44193f
SHA1

39f71512c9ff6571a4b59616b27b521f861ff9c8
SHA256

761a643ab6c21137540dac5382c855c329c991581b3ab8b637dd541e09b6824d
SHA512

295a5b27882a3cdc73b9426c45e5b7d51c4b0c52142551f203dff75d271c989f1577cd6d1191e8d533a737350fb15130b802e0340e46d008f82e89531eb671d9

Score

10^/10

icedid 3529509686 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3529509686

C2

oceriesfornot.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

3492 regsvr32.exe
3492 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\BFB4B9B655E9DB3CC719581DEB44193F.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3492-134-0x0000000180000000-0x000000018000B000-memory.dmp

Filesize
44KB

Download