icedid | 0581f0bf260a11a5662d58b99a82ec756c9365613833bce8f102ec1235a7d4f7 | Triage

Analysis

max time kernel
111s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
23-05-2022 20:32

Sharing

Report Analysis Logs

General

Target

0581f0bf260a11a5662d58b99a82ec756c9365613833bce8f102ec1235a7d4f7.dll
Size

702KB
MD5

9b692f43d575acb739decfc809db7f2e
SHA1

bc42c60590cb908e765e2d97e8b3a92b4616cd30
SHA256

0581f0bf260a11a5662d58b99a82ec756c9365613833bce8f102ec1235a7d4f7
SHA512

f99f546940bd96c6e9cac6a8500f25280ed190b9830247a5c7249d30a40fd1b4e3c94ca0455e337e77682a7a2b14a259b0aa4cf9680e9ccf727f71ae69873473

Score

10^/10

icedid 109932505 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

109932505

C2

ilekvoyn.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

4120 regsvr32.exe
4120 regsvr32.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

regsvr32.exe

pid process

4120 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0581f0bf260a11a5662d58b99a82ec756c9365613833bce8f102ec1235a7d4f7.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4120-130-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download