icedid | d9dd4c0a9811130aec6cd74dedb638aaf44ec733596f9a07244c646db4e210d7 | Triage

Analysis

max time kernel
162s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
11-05-2022 07:54

Sharing

Report Analysis Logs

General

Target

d9dd4c0a9811130aec6cd74dedb638aaf44ec733596f9a07244c646db4e210d7.dll
Size

149KB
MD5

f62feb7c31d4235bc5d71b7713ffe55e
SHA1

6df7bcba45dcd0b1a86631718968c8aa432fdb7a
SHA256

d9dd4c0a9811130aec6cd74dedb638aaf44ec733596f9a07244c646db4e210d7
SHA512

238f4175ce78662d5ffa7877fabef2c9109ed321bd1848d0fdc795ff62201c944a34173ee8ec6327ae8dc0ac35666f3a10edd650f073708bc823c1e231a1d9dc

Score

10^/10

icedid 3529509686 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3529509686

C2

oceriesfornot.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2568 regsvr32.exe
2568 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d9dd4c0a9811130aec6cd74dedb638aaf44ec733596f9a07244c646db4e210d7.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2568-130-0x0000000180000000-0x000000018000B000-memory.dmp

Filesize
44KB

Download