icedid | bc844a1ed0a9c736670093e799d5b7855f3997c1508e6561e779870fd9a70165 | Triage

Analysis

max time kernel
22s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/05/2023, 20:11

Sharing

Report Analysis Logs

General

Target

svin2.dll
Size

283KB
MD5

2c53aea2a3b5f3654a2d5efe0911228d
SHA1

1818b2d9580b12a218d422f3113e6db9d819b2d5
SHA256

bc844a1ed0a9c736670093e799d5b7855f3997c1508e6561e779870fd9a70165
SHA512

c5c22d73d6741304613b7b9fbf2f2d84c96abd512d45470836c7ad9e550fa17598d02fc5ec9ca62c6d7276400d952e4c8950a04f0c5927e83659b48d85fada13
SSDEEP

6144:MvSzzmddWBNj9W25QOanppxBDzrjohKwGfFuZziM:MvSzz0dWBNjkyhappjjoS6iM

Score

10^/10

icedid 3887211302 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3887211302

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1484	regsvr32.exe
1484	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\svin2.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1484-54-0x00000000001B0000-0x00000000001BD000-memory.dmp

Filesize
52KB

Download
memory/1484-55-0x00000000001B0000-0x00000000001BD000-memory.dmp

Filesize
52KB

Download