icedid | c82715c83b56ae300e9f2edde73a42e1a737178e17939738030d01f4f9399e51 | Triage

Analysis

max time kernel
133s
max time network
142s
platform
windows7_x64
resource
win7-20220331-en
submitted
05-04-2022 11:12

Sharing

Report Analysis Logs

General

Target

sample_c82715c83b56ae300e9f2edde73a42e1a737178e17939738030d01f4f9399e51.dll
Size

553KB
MD5

212629836cce8e997c4cce3c5bf4e0e4
SHA1

9ffeecde7cad6feffad74f11f8852e8c0efb09bb
SHA256

c82715c83b56ae300e9f2edde73a42e1a737178e17939738030d01f4f9399e51
SHA512

a76aee161d23ee1d8ebcd3c9f85375cc6f1d0db1fcff4ec4f8b0ae3c976f700f177f648ca7cdd19cc562e581a5f802b95d01147e4aba499074c3e387af116538

Score

10^/10

icedid 3960091620 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3960091620

C2

magnesiumik.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1080 regsvr32.exe
1080 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\sample_c82715c83b56ae300e9f2edde73a42e1a737178e17939738030d01f4f9399e51.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-54-0x000007FEFBF61000-0x000007FEFBF63000-memory.dmp

Filesize
8KB

Download
memory/1080-55-0x0000000000100000-0x0000000000107000-memory.dmp

Filesize
28KB

Download
memory/1080-57-0x0000000000100000-0x0000000000107000-memory.dmp

Filesize
28KB

Download
memory/1080-56-0x0000000000100000-0x0000000000107000-memory.dmp

Filesize
28KB

Download