icedid | 59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e | Triage

Analysis

max time kernel
151s
max time network
147s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-04-2022 13:32

Sharing

Report Analysis Logs

General

Target

59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e.dll
Size

185KB
MD5

6740fdbc5bc590227fa90d486e6b8724
SHA1

a7112baf410fb84e2816ea287a6efbf799457e8f
SHA256

59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e
SHA512

10fb057e27c129e68045e8d0288341ec477635f209019380c67c3454439d61cff8912885261a996179b100287b998f4242196e6eb45e6120ab20809dcb1557cd

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

june85.cyou

golddisco.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/452-56-0x0000000075020000-0x000000007505E000-memory.dmp	IcedidSecondLoader
behavioral1/memory/452-57-0x0000000075020000-0x0000000075026000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1996 wrote to memory of 452	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 452	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 452	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 452	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 452	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 452	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 452	1996	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e.dll,#1
2⤵
PID:452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/452-54-0x0000000000000000-mapping.dmp

Download
memory/452-55-0x0000000075381000-0x0000000075383000-memory.dmp

Filesize
8KB

Download
memory/452-56-0x0000000075020000-0x000000007505E000-memory.dmp

Filesize
248KB

Download
memory/452-57-0x0000000075020000-0x0000000075026000-memory.dmp

Filesize
24KB

Download