icedid | 63770070208c532df8a7d41a391faff7c5280814bebd13b0b935f0fa80fc8e27 | Triage

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-05-2022 05:49

Sharing

Report Analysis Logs

General

Target

3cbc08dc4f11379f6e080a7b6dad3e2f7c53202e08f461100f4ce4f5b869811a_unpacked.dll
Size

13KB
MD5

f425f1defd562e22a3a62fb5bc141cb1
SHA1

d7bfce77cad7d605e35538c2501a522015e3e3c2
SHA256

63770070208c532df8a7d41a391faff7c5280814bebd13b0b935f0fa80fc8e27
SHA512

693385bea3207cb2d3eaca0b57c46f70e9ded1b9abc1dc490cee0ca63921abcb37ae95f9b2023e00acbc754cbff781632dccba0629efd8141642e6818d3d354a

Score

10^/10

icedid 3000901376 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3000901376

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1528 regsvr32.exe
1528 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3cbc08dc4f11379f6e080a7b6dad3e2f7c53202e08f461100f4ce4f5b869811a_unpacked.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1528-54-0x000007FEFC3E1000-0x000007FEFC3E3000-memory.dmp

Filesize
8KB

Download