icedid | c999c63803e6f12ad88fdb8b16b3673f631532ddf049ac740c4b4290f6b166de | Triage

Analysis

max time kernel
157s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
02-05-2022 11:51

Sharing

Report Analysis Logs

General

Target

c999c63803e6f12ad88fdb8b16b3673f631532ddf049ac740c4b4290f6b166de.dll
Size

389KB
MD5

1bba35498fa89e6de3f72796aef22ec9
SHA1

5c8232f4261c1637d9801e22a0be719e70340623
SHA256

c999c63803e6f12ad88fdb8b16b3673f631532ddf049ac740c4b4290f6b166de
SHA512

9bd7892cb2495a3fedf92acdccf4981eeebf6e6ee023cd520e63000dc5bbb300f560fdf6147ab4157cfb046dac7ce5dc70cd6bfb524951121680179b97bf8458

Score

10^/10

icedid 2528826304 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

2528826304

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

4892 regsvr32.exe
4892 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c999c63803e6f12ad88fdb8b16b3673f631532ddf049ac740c4b4290f6b166de.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...