icedid | 9858bc82710e11d9593a87706c0697bffdc6ad667db1f66c3087f0edccf2ab06 | Triage

Analysis

max time kernel
134s
max time network
165s
platform
windows7_x64
resource
win7-20220331-en
submitted
04-04-2022 18:57

Sharing

Report Analysis Logs

General

Target

9858bc82710e11d9593a87706c0697bffdc6ad667db1f66c3087f0edccf2ab06.dll
Size

550KB
MD5

b62b9fd07b07803cc8e44785dc8d5836
SHA1

060a7f2c6cc60aa92f9badcb222fd88b9755fb75
SHA256

9858bc82710e11d9593a87706c0697bffdc6ad667db1f66c3087f0edccf2ab06
SHA512

cbdabe4c576ebcea43aee39c5692990cf423fa849eb2e37db0ed1e7fca1c2943cfff8979f8c9861ce0474157ab26fc6f37b065f6244513786ddda389992157e7

Score

10^/10

icedid 3825802847 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3825802847

C2

cleverballs.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1752 regsvr32.exe
1752 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9858bc82710e11d9593a87706c0697bffdc6ad667db1f66c3087f0edccf2ab06.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1752-54-0x000007FEFB791000-0x000007FEFB793000-memory.dmp

Filesize
8KB

Download
memory/1752-55-0x0000000000120000-0x000000000012F000-memory.dmp

Filesize
60KB

Download