icedid | 34216fd20582d86021dc492deecd457890a6f7d1c694557708ab7e041671450a | Triage

Analysis

max time kernel
152s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
02-05-2022 15:39

Sharing

Report Analysis Logs

General

Target

34216fd20582d86021dc492deecd457890a6f7d1c694557708ab7e041671450a.dll
Size

146KB
MD5

019e954706a40e8fdb42c7fcd9402e47
SHA1

865eb6b9189998cc66e883bdb3008d09c71d931e
SHA256

34216fd20582d86021dc492deecd457890a6f7d1c694557708ab7e041671450a
SHA512

c1e2a6cdb2fd41204cee4dc5b3ecc9e37b9c7d9562c8aa784d4d36f96f62506a3cad42bc7231a6e7b2cf30ba768b5f5adebab2bc386fc3db3db855b10174522c

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

likoncar.cyou

skrepamulan.cyou

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3924-131-0x0000000074CC0000-0x0000000074CF6000-memory.dmp	IcedidSecondLoader
behavioral2/memory/3924-132-0x0000000074CC0000-0x0000000074CC6000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4980 wrote to memory of 3924	4980	rundll32.exe	rundll32.exe
PID 4980 wrote to memory of 3924	4980	rundll32.exe	rundll32.exe
PID 4980 wrote to memory of 3924	4980	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34216fd20582d86021dc492deecd457890a6f7d1c694557708ab7e041671450a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4980

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34216fd20582d86021dc492deecd457890a6f7d1c694557708ab7e041671450a.dll,#1
2⤵
PID:3924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3924-130-0x0000000000000000-mapping.dmp

Download
memory/3924-131-0x0000000074CC0000-0x0000000074CF6000-memory.dmp

Filesize
216KB

Download
memory/3924-132-0x0000000074CC0000-0x0000000074CC6000-memory.dmp

Filesize
24KB

Download