icedid | 05763b143246031434fb393e4ba46ffd1a303f8e7436affe22509c7e5a4b95e8 | Triage

Analysis

max time kernel
129s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2022 16:40

Sharing

Report Analysis Logs

General

Target

c03cbe2b79ef33b927782a5350512fa7.dll
Size

358KB
MD5

c03cbe2b79ef33b927782a5350512fa7
SHA1

9f2f17571f8b1389f0da59f304b4def7ae1adfcb
SHA256

05763b143246031434fb393e4ba46ffd1a303f8e7436affe22509c7e5a4b95e8
SHA512

e2e5a930e70623d408bc582ddbdf1f59c8726d07203335c84a1a63b57c339d2207c61bc1d66b2455b0fa9c11d5056b551bfe68ba966598530d8301f40c13fa92
SSDEEP

6144:x6HdvqSwNOTzZLen7qACQ9j6pSHP7csiU302dw9qOr:4PLQHP7AX2djOr

Score

10^/10

icedid 2432960414 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2432960414

C2

zalikomanperis.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Blocklisted process makes network request 3 IoCs

Processes:

rundll32.exe

flow pid process

33 628 rundll32.exe
66 628 rundll32.exe
68 628 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

628 rundll32.exe
628 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c03cbe2b79ef33b927782a5350512fa7.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/628-132-0x000001AE28080000-0x000001AE28086000-memory.dmp

Filesize
24KB

Download
memory/628-133-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download