icedid | 8e7461b745f9da80db428a969ee3e54bd8525b714c8cd2d2b4404f4e06ecd6a1

Analysis

max time kernel
113s
max time network
131s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
02/07/2023, 19:09

Target

Malicious_8e7461b745f9da80db428a969ee3e54bd8525b714c8cd2d2b4404f4e06ecd6a1.dll
Size

64KB
MD5

80237331f89eb1595bd724f6b69c6db6
SHA1

2e366edba70f48d91e6f6f7b54ce98642daccb9e
SHA256

8e7461b745f9da80db428a969ee3e54bd8525b714c8cd2d2b4404f4e06ecd6a1
SHA512

3349c91e0c46ffcd63ebab7220a4b499d81bda765474f39525c4745bc3909e81da8d8768f47b5c3edfa9d91b7f85777912bca36c1e0b1e0a37f697f8d6a48f0d
SSDEEP

1536:roBHSfku/TguqNKM6C6E+YUv3EXmYOiKsU:roBS8Q0R68Xys

Score

10^/10

Family

icedid

Campaign

2046050

calldivorce.fun

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

loader

resource	yara_rule
behavioral1/memory/836-54-0x00000000001B0000-0x00000000001B7000-memory.dmp	IcedidFirstLoader
behavioral1/memory/836-55-0x00000000001B0000-0x00000000001B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
836	regsvr32.exe
836	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_8e7461b745f9da80db428a969ee3e54bd8525b714c8cd2d2b4404f4e06ecd6a1.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:836

memory/836-54-0x00000000001B0000-0x00000000001B7000-memory.dmp

Filesize
28KB

Download
memory/836-55-0x00000000001B0000-0x00000000001B7000-memory.dmp

Filesize
28KB

Download