icedid | 75285d458acf88653c455a1adf63c2bb9a80b74484d38d02f3cd45f99cd14d50 | Triage

Analysis

max time kernel
157s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
02-05-2022 15:39

Sharing

Report Analysis Logs

General

Target

75285d458acf88653c455a1adf63c2bb9a80b74484d38d02f3cd45f99cd14d50.dll
Size

104KB
MD5

1f1a05263fe052e690a783a6829b6e55
SHA1

123b5174e61a8db9d24e32edc83079e08a572fe9
SHA256

75285d458acf88653c455a1adf63c2bb9a80b74484d38d02f3cd45f99cd14d50
SHA512

a03a1edd22d01427bdd3671ff125346adca8ba4da95a65121bf00a636d26458f069322ee1138602c4a6c5f0135aca464ace74f5b9406f6ccad201e35cc6e7195

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

whiskeybravo.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3360-131-0x0000000075710000-0x0000000075716000-memory.dmp	IcedidFirstLoader
behavioral2/memory/3360-132-0x0000000075710000-0x000000007573A000-memory.dmp	IcedidFirstLoader

Blocklisted process makes network request 6 IoCs

Processes:

rundll32.exe

flow pid process

39 3360 rundll32.exe
43 3360 rundll32.exe
56 3360 rundll32.exe
58 3360 rundll32.exe
77 3360 rundll32.exe
80 3360 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4320 wrote to memory of 3360	4320	rundll32.exe	rundll32.exe
PID 4320 wrote to memory of 3360	4320	rundll32.exe	rundll32.exe
PID 4320 wrote to memory of 3360	4320	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75285d458acf88653c455a1adf63c2bb9a80b74484d38d02f3cd45f99cd14d50.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4320

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75285d458acf88653c455a1adf63c2bb9a80b74484d38d02f3cd45f99cd14d50.dll,#1
2⤵
- Blocklisted process makes network request
PID:3360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3360-130-0x0000000000000000-mapping.dmp

Download
memory/3360-131-0x0000000075710000-0x0000000075716000-memory.dmp

Filesize
24KB

Download
memory/3360-132-0x0000000075710000-0x000000007573A000-memory.dmp

Filesize
168KB

Download