icedid | e94a2ce41231a353fd2eb7eb1d259781b54321657bbd799b380e550cd0bfd9bc | Triage

Analysis

max time kernel
130s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2022 15:31

Sharing

Report Analysis Logs

General

Target

7b0dff7f5bb6fd419cf93ba48dc5480f.dll
Size

317KB
MD5

7b0dff7f5bb6fd419cf93ba48dc5480f
SHA1

bae1bd20f114d25e67a53fa6a6202ca4dcfd3dfa
SHA256

e94a2ce41231a353fd2eb7eb1d259781b54321657bbd799b380e550cd0bfd9bc
SHA512

01e1c035377204e77097aea470147dee800a965700452af7b8c232bc9a9d99001635a170a31cae7325c8fde363d7d2ce9b458c06a2cdbb3a8a4cc7e8ebca5c78
SSDEEP

6144:iiaIMPl3fdywZzWsIRhcY2EmQ77BkP7+sPI1AF1:iiaxP58X2ikP7U1Af

Score

10^/10

icedid 1023645195 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1023645195

C2

trallfasterinf.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Blocklisted process makes network request 3 IoCs

Processes:

rundll32.exe

flow pid process

10 4600 rundll32.exe
33 4600 rundll32.exe
35 4600 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

4600 rundll32.exe
4600 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b0dff7f5bb6fd419cf93ba48dc5480f.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:4600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4600-132-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download
memory/4600-138-0x000001CD9AF90000-0x000001CD9AF96000-memory.dmp

Filesize
24KB

Download