icedid | 741331c3e6a3900fff68bb894de8a3f713446c518be84fd2379aa7210082ed85 | Triage

Analysis

max time kernel
167s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
16-05-2022 14:04

Sharing

Report Analysis Logs

General

Target

741331c3e6a3900fff68bb894de8a3f713446c518be84fd2379aa7210082ed85.dll
Size

224KB
MD5

072288accefa8457d435b21f7220deac
SHA1

81bcda74daa9f510e258e7c592588a0bc2fe9b3d
SHA256

741331c3e6a3900fff68bb894de8a3f713446c518be84fd2379aa7210082ed85
SHA512

18d6e0f33277a97597ecd033625f740e8884a89fce8d96e27e2bbaba0a3025a6b62ea05dfc9f7eda3cb5084d7705ea066d6b534c31abac2f76110568b31b1142

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

loadberlin.casa

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4348-131-0x0000000074AF0000-0x0000000074AF6000-memory.dmp	IcedidFirstLoader
behavioral2/memory/4348-132-0x0000000074AF0000-0x0000000074B34000-memory.dmp	IcedidFirstLoader

Blocklisted process makes network request 5 IoCs

Processes:

rundll32.exe

flow pid process

21 4348 rundll32.exe
34 4348 rundll32.exe
46 4348 rundll32.exe
51 4348 rundll32.exe
53 4348 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1436 wrote to memory of 4348	1436	rundll32.exe	rundll32.exe
PID 1436 wrote to memory of 4348	1436	rundll32.exe	rundll32.exe
PID 1436 wrote to memory of 4348	1436	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\741331c3e6a3900fff68bb894de8a3f713446c518be84fd2379aa7210082ed85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\741331c3e6a3900fff68bb894de8a3f713446c518be84fd2379aa7210082ed85.dll,#1
2⤵
- Blocklisted process makes network request
PID:4348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4348-130-0x0000000000000000-mapping.dmp

Download
memory/4348-131-0x0000000074AF0000-0x0000000074AF6000-memory.dmp

Filesize
24KB

Download
memory/4348-132-0x0000000074AF0000-0x0000000074B34000-memory.dmp

Filesize
272KB

Download