icedid | 30f7e6a787e359b165a870828621b7c75e39cd2452abe8c707afb28e0b50870d | Triage

Analysis

max time kernel
104s
max time network
122s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07-05-2023 09:08

Sharing

Report Analysis Logs

General

Target

jug.dll
Size

317KB
MD5

c0d45a442b3f1ef9d795e7b83c8fff4a
SHA1

b5f3bc186cac696e0664c32c1f4036414f1d5538
SHA256

30f7e6a787e359b165a870828621b7c75e39cd2452abe8c707afb28e0b50870d
SHA512

2a38fa803ad575028e715bcb7b4fc02f8009aa5bee22b3466df23e084ae8c304d717735f2aa0ccaf41ad9522f62909c0c92778b8e784ae55032b7ec468affcae
SSDEEP

6144:hiaIMPl3fdywZzWsIRhcY2EmQ77BkP7+sPI1AFT:hiaxP58X2ikP7U1A1

Score

10^/10

icedid 1023645195 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1023645195

C2

trallfasterinf.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Blocklisted process makes network request 2 IoCs

Processes:

rundll32.exe

flow pid process

2 1700 rundll32.exe
6 1700 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

1700 rundll32.exe
1700 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\jug.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-54-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download
memory/1700-61-0x0000000000190000-0x0000000000196000-memory.dmp

Filesize
24KB

Download