icedid | da7e542d3a7769ae0cb44571cc3eda30b5ae31fb663ea5f1eef81eaddb455162

Analysis

max time kernel
156s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2023 19:17

Target

Malicious_da7e542d3a7769ae0cb44571cc3eda30b5ae31fb663ea5f1eef81eaddb455162.dll
Size

75KB
MD5

50a1a156e93f21903667347b661880e0
SHA1

6081f637e9a4749b9780555be58be105866e2877
SHA256

da7e542d3a7769ae0cb44571cc3eda30b5ae31fb663ea5f1eef81eaddb455162
SHA512

7d417446e500aad506981b7a1c73fc6479e7ff213707437690e20a737a9d736eacb7ff730dae9856edb187e771917913c91ffb6c0fb1cd8a3d25d5dd47414a1e
SSDEEP

1536:CY53MNyZS2TinPvX+3pBn9EYm3lHMyYoTivf:x530ysqinXU39E/3lRA

Score

10^/10

Family

icedid

Campaign

4213125251

asforthemines99.uno

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

loader

Processes:

resource	yara_rule
behavioral2/memory/2080-133-0x0000000000DB0000-0x0000000000DB7000-memory.dmp	IcedidFirstLoader
behavioral2/memory/2080-134-0x0000000000DB0000-0x0000000000DB7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2080 regsvr32.exe
2080 regsvr32.exe

pid	process
2080	regsvr32.exe
2080	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_da7e542d3a7769ae0cb44571cc3eda30b5ae31fb663ea5f1eef81eaddb455162.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2080

memory/2080-133-0x0000000000DB0000-0x0000000000DB7000-memory.dmp

Filesize
28KB

Download
memory/2080-134-0x0000000000DB0000-0x0000000000DB7000-memory.dmp

Filesize
28KB

Download