icedid | 3a559caa15750faca2cccfeb538b33edc569e79d69a7d6c5665e341ba5e76261 | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
25-06-2022 13:30

Sharing

Report Analysis Logs

General

Target

3a559caa15750faca2cccfeb538b33edc569e79d69a7d6c5665e341ba5e76261.dll
Size

13KB
MD5

c2abdd316158251fb32f4df20ed3dc8e
SHA1

6b5503e4c0380bc6800033090ccb765a3599ffcb
SHA256

3a559caa15750faca2cccfeb538b33edc569e79d69a7d6c5665e341ba5e76261
SHA512

9fcf5d2da32ce776beb0bd86e0f3c5b4456246c6f27e1cab773d5525adee7e90ba7a328301014fd343d4b8caed182bed2dab6b9d01efd8c509550ec0f681d0ce

Score

10^/10

icedid 3585208491 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3585208491

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1756 regsvr32.exe
1756 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3a559caa15750faca2cccfeb538b33edc569e79d69a7d6c5665e341ba5e76261.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-54-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp

Filesize
8KB

Download