icedid | 97e64043c891792188f4b0a812edccff9e1c584e30ffd57439eed1bf16fbf8d7 | Triage

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
15-11-2022 10:25

Sharing

Report Analysis Logs

General

Target

ver123.dll
Size

96KB
MD5

3a0f9a2f3042ec8f0e9c7dacab887c07
SHA1

2ad64f42752a9e9d00849f5f18f8548f38e2d9ed
SHA256

4732870c3ad4e5993189dbdfbde5a111a2dbba0c0e8e5fae42cd5a83e82a07b8
SHA512

9dcfccb4aa715ebea459dcb2b75a31e532c762a61a0cb1577a9ee74b111523ad95c6de5b6d82c0b8405c938990f55e0b831be03ebf1418ba050e3c081dc6d739
SSDEEP

1536:d8EdnV7W/DpvDW5CdNtVd3MPVVKTJvfT2Y5fQ+vSwbCHJSjN+XzjWEt3aN:dFnk/D9UCdNtV+NSJvLhvSw8ShJE

Score

10^/10

icedid 1609463178 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1609463178

C2

trolspeaksunt.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

4332 rundll32.exe
4332 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ver123.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4332-132-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download
memory/4332-138-0x000002ABCC5C0000-0x000002ABCC5C6000-memory.dmp

Filesize
24KB

Download