icedid | a54a6bfba5d631f6ff4d5f3994c987956a91c74f9b4082704a1056924fca26d7 | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-06-2022 19:34

Sharing

Report Analysis Logs

General

Target

a54a6bfba5d631f6ff4d5f3994c987956a91c74f9b4082704a1056924fca26d7.dll
Size

13KB
MD5

ec1eae0a42f0580e0487e2da9426467b
SHA1

6b1868f8e7bdce59b0a01f19a83502b824fbd650
SHA256

a54a6bfba5d631f6ff4d5f3994c987956a91c74f9b4082704a1056924fca26d7
SHA512

98329c6cc6ebd45b2be056882b557f3dca3b8bb5451d5a9e7a80be41b49882970f96b2d1179b8d0512ebe1e6ad26c213255508f9a4b6d1723edbe1155cc7b72e

Score

10^/10

icedid 1842176049 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1842176049

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

536 regsvr32.exe
536 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a54a6bfba5d631f6ff4d5f3994c987956a91c74f9b4082704a1056924fca26d7.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/536-54-0x000007FEFB721000-0x000007FEFB723000-memory.dmp

Filesize
8KB

Download