icedid | ae77b677e8c7a67a0c9121cae042dd4e977ee3487ceaae5726f377ce3280fc07 | Triage

Analysis

max time kernel
122s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 01:12

Sharing

Report Analysis Logs

General

Target

f4bb060de5453e9d628ee5e90c740dbb_JaffaCakes118.dll
Size

57KB
MD5

f4bb060de5453e9d628ee5e90c740dbb
SHA1

81304044263ad6e98a2d978c97e4ae29de65aa65
SHA256

ae77b677e8c7a67a0c9121cae042dd4e977ee3487ceaae5726f377ce3280fc07
SHA512

b1c3e29f26fd2c474d244e79ca8949e866873f5ddc144e2547448b513224bb6b71af8319d9bdd254fcd3e0231d066998bfede19894090434c3dccdd0d0868a12
SSDEEP

1536:dZoOQeP15YCslCvzF757+Rcl/K5InG4Xi:A6fslCrF7QcNqQi

Score

10^/10

icedid 1741433514 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1741433514

C2

ferrelosaakolo.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

556 regsvr32.exe
556 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f4bb060de5453e9d628ee5e90c740dbb_JaffaCakes118.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/556-0-0x00000000027E0000-0x0000000002834000-memory.dmp

Filesize
336KB

Download