icedid | 3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109 | Triage

Analysis

max time kernel
52s
max time network
152s
platform
windows10_x64
resource
win10-20220414-en
submitted
23-05-2022 16:16

Sharing

Report Analysis Logs

General

Target

3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109.dll
Size

718KB
MD5

5a0e570b13623c79c9261a8a2cc41f04
SHA1

10f6f208907d25f5ec39060a8576ed8387d42c0e
SHA256

3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109
SHA512

bbe98f12bbcc0820b98c329df11b20ee69cf49300c31948462978b5d9b398f62374bd2075247c87c3f916ceae89ba1e7a8bd0b76b1e3747345f12f5cb25e2c70

Score

10^/10

icedid 109932505 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

109932505

C2

ilekvoyn.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

648 regsvr32.exe
648 regsvr32.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

regsvr32.exe

pid process

648 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/648-118-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download