icedid | eb78feabc81935e03997ea5fe5e8215438d9812713f7ea1185faee55d4a5bb0a

Analysis

max time kernel
91s
max time network
104s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
02-07-2023 19:13

Target

Malicious_eb78feabc81935e03997ea5fe5e8215438d9812713f7ea1185faee55d4a5bb0a.dll
Size

64KB
MD5

5a83608a69fc4cc389df17825cbdca8e
SHA1

0923f6919dfd59f6d6a0cf57c282c8f4310af826
SHA256

eb78feabc81935e03997ea5fe5e8215438d9812713f7ea1185faee55d4a5bb0a
SHA512

1254d7ffcad47a47de0d64857e23f2f8777e069623247096960b7eb0070435e49ec47fe431ec5b2b850f4ddb890b3302ef61cd9fd1e2576a0bce86c8f8e6e5db
SSDEEP

1536:roBHSfku/TguqNKM6C6E+YUv3EXmYOiKsU:roBS8Q0R68Xys

Score

10^/10

Family

icedid

Campaign

2046050

calldivorce.fun

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

loader

Processes:

resource	yara_rule
behavioral1/memory/1696-54-0x00000000003B0000-0x00000000003B7000-memory.dmp	IcedidFirstLoader
behavioral1/memory/1696-55-0x00000000003B0000-0x00000000003B7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1696 regsvr32.exe
1696 regsvr32.exe

pid	process
1696	regsvr32.exe
1696	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_eb78feabc81935e03997ea5fe5e8215438d9812713f7ea1185faee55d4a5bb0a.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1696

memory/1696-54-0x00000000003B0000-0x00000000003B7000-memory.dmp

Filesize
28KB

Download
memory/1696-55-0x00000000003B0000-0x00000000003B7000-memory.dmp

Filesize
28KB

Download