icedid | b7dcbb82cb674265b75afb54c2a614c9652bdd399e48c8cfe60845dd28e37ee3 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
28-06-2022 18:11

Sharing

Report Analysis Logs

General

Target

b7dcbb82cb674265b75afb54c2a614c9652bdd399e48c8cfe60845dd28e37ee3.dll
Size

13KB
MD5

b3ce8229bd3b8a405e2d66f6ede1fc53
SHA1

1796045b06dfde752a632e2b97e13a7e8190acac
SHA256

b7dcbb82cb674265b75afb54c2a614c9652bdd399e48c8cfe60845dd28e37ee3
SHA512

f270ee55aa769969832dc63ddfc673583934f8d056efbbcb5b3daff800bc0d6ec49d30a88b834be8243d2216681e7807f1e4979162e7b17326ed0abd5a5f81b6

Score

10^/10

icedid 3568430872 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3568430872

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

872 regsvr32.exe
872 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b7dcbb82cb674265b75afb54c2a614c9652bdd399e48c8cfe60845dd28e37ee3.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/872-54-0x000007FEFBF21000-0x000007FEFBF23000-memory.dmp

Filesize
8KB

Download