icedid | fa7df8f933a07f01cdd27cfee8b48b0289197f8d99dbf820b37920111aa408bd

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/12/2024, 19:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fa7df8f933a07f01cdd27cfee8b48b0289197f8d99dbf820b37920111aa408bd.dll
Size

490KB
MD5

d1d7938e27349027b587d47a42b757dd
SHA1

b69fdea0290f63c8c2d7d93be65c49240082aa3f
SHA256

fa7df8f933a07f01cdd27cfee8b48b0289197f8d99dbf820b37920111aa408bd
SHA512

8b13ba9ce679819a4ce474e5a14e1c69fa394cf5ef7c18d9b20bb93a7a5053b4f81eb5b727d240dacf3b84f65415b5573e360587b2cc43b92bddb070b7d45f55
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRh:knmj6xK1y3Ik6TZGRh

Score

10^/10

icedid 3467965077 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

firenicatrible.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4648	regsvr32.exe
4648	regsvr32.exe
4648	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fa7df8f933a07f01cdd27cfee8b48b0289197f8d99dbf820b37920111aa408bd.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4648

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

88.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

71.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.31.126.40.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

firenicatrible.com

regsvr32.exe

Remote address:

8.8.8.8:53

Request

firenicatrible.com

IN A

Response
DNS

212.20.149.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.20.149.52.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

86.49.80.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.49.80.91.in-addr.arpa

IN PTR

Response
DNS

firenicatrible.com

regsvr32.exe

Remote address:

8.8.8.8:53

Request

firenicatrible.com

IN A

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

firenicatrible.com

regsvr32.exe

Remote address:

8.8.8.8:53

Request

firenicatrible.com

IN A

Response

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

88.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

88.210.23.2.in-addr.arpa
8.8.8.8:53

71.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

71.31.126.40.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

firenicatrible.com

dns

regsvr32.exe

64 B
137 B
1
1

DNS Request

firenicatrible.com
8.8.8.8:53

212.20.149.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

212.20.149.52.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

86.49.80.91.in-addr.arpa

dns

70 B
145 B
1
1

DNS Request

86.49.80.91.in-addr.arpa
8.8.8.8:53

firenicatrible.com

dns

regsvr32.exe

64 B
137 B
1
1

DNS Request

firenicatrible.com
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

firenicatrible.com

dns

regsvr32.exe

64 B
137 B
1
1

DNS Request

firenicatrible.com

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4648-0-0x0000000002150000-0x000000000215E000-memory.dmp

Filesize
56KB

Download
memory/4648-1-0x0000000002150000-0x000000000215E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.