icedid | 0eccb9598aae0e56658d15c231c193543b417baf480c2fd085c868bc6dacb4a5 | Triage

Analysis

max time kernel
98s
max time network
111s
platform
windows7_x64
resource
win7-20220331-en
submitted
05-04-2022 10:44

Sharing

Report Analysis Logs

General

Target

sample_0eccb9598aae0e56658d15c231c193543b417baf480c2fd085c868bc6dacb4a5.dll
Size

253KB
MD5

0dc327d0d54f20016c0fa8bced3b1b51
SHA1

df56e19538beca40ea2227ea9c70cbb4f6bf6acc
SHA256

0eccb9598aae0e56658d15c231c193543b417baf480c2fd085c868bc6dacb4a5
SHA512

b902c414796dd512fff64a4b48b57e04b8b6e4256fd5c3c8795f296c13066162a2949c6df303bbe5f2765f39111a6c34223c695204fd61cb488cc80480659299

Score

10^/10

icedid 3840329038 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3840329038

C2

hdtrenity.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1628 regsvr32.exe
1628 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\sample_0eccb9598aae0e56658d15c231c193543b417baf480c2fd085c868bc6dacb4a5.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1628-54-0x000007FEFBB01000-0x000007FEFBB03000-memory.dmp

Filesize
8KB

Download
memory/1628-55-0x0000000000180000-0x0000000000189000-memory.dmp

Filesize
36KB

Download
memory/1628-57-0x0000000000180000-0x0000000000189000-memory.dmp

Filesize
36KB

Download
memory/1628-56-0x0000000000180000-0x0000000000189000-memory.dmp

Filesize
36KB

Download