icedid | 14c55b751b375e41af83f4c53753ec849ef368396cfc0e2830d92fd31383fab7 | Triage

Analysis

max time kernel
134s
max time network
137s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26-09-2022 15:11

Sharing

Report Analysis Logs

General

Target

4a94ea3988c8c83e6618aaa256ba3b6c.dll
Size

317KB
MD5

4a94ea3988c8c83e6618aaa256ba3b6c
SHA1

1ef1dc961fdc47643fb0572daee1d80c018bbd75
SHA256

14c55b751b375e41af83f4c53753ec849ef368396cfc0e2830d92fd31383fab7
SHA512

2d73dad533b0625ff32ed5fd256e4c58df0fae2ea8f0c6e5a0239aad210ee4fb439eb22062ce7c67d2e6813c9fe19a8d1d875d78a60b79c2effb21a57378ad2a
SSDEEP

6144:UiaIMPl3fdywZzWsIRhcY2EmQ77BkP7+sPI1AFN:UiaxP58X2ikP7U1AT

Score

10^/10

icedid 1023645195 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1023645195

C2

trallfasterinf.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Blocklisted process makes network request 3 IoCs

Processes:

rundll32.exe

flow pid process

2 1336 rundll32.exe
4 1336 rundll32.exe
5 1336 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

1336 rundll32.exe
1336 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a94ea3988c8c83e6618aaa256ba3b6c.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-54-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download
memory/1336-60-0x0000000000110000-0x0000000000116000-memory.dmp

Filesize
24KB

Download