icedid | 7909866a9dd6174fa51e54c57cd9d675602f395c40181ab49df2f4b971d3e2fc | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-05-2022 00:21

Sharing

Report Analysis Logs

General

Target

7909866a9dd6174fa51e54c57cd9d675602f395c40181ab49df2f4b971d3e2fc.dll
Size

297KB
MD5

d46361783ad06859219c08e602ce584b
SHA1

edda43f12fc840dd5e5e7d6df677e115320e261c
SHA256

7909866a9dd6174fa51e54c57cd9d675602f395c40181ab49df2f4b971d3e2fc
SHA512

f942f937148b5920715f73942690031f8fb3b727ada404d69c93344764b04adc5ce70e2edf31187d2239365f40e11af9fd586d62e9ebde33ca129fec3d02f61d

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

filopipilo.top

fihokiliopo.pw

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1944-56-0x0000000074730000-0x0000000074736000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1944-57-0x0000000074730000-0x0000000074787000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1648 wrote to memory of 1944	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1944	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1944	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1944	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1944	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1944	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1944	1648	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7909866a9dd6174fa51e54c57cd9d675602f395c40181ab49df2f4b971d3e2fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7909866a9dd6174fa51e54c57cd9d675602f395c40181ab49df2f4b971d3e2fc.dll,#1
2⤵
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-54-0x0000000000000000-mapping.dmp

Download
memory/1944-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/1944-56-0x0000000074730000-0x0000000074736000-memory.dmp

Filesize
24KB

Download
memory/1944-57-0x0000000074730000-0x0000000074787000-memory.dmp

Filesize
348KB

Download