icedid | 1ef8c2efbfccbd720e220136da83f47f745bc3e2814bb8d487c1138065467469

Analysis

max time kernel
121s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22/12/2024, 01:55

Target

a60c5cc2e8c00dcc490cbfe2c6664357f6784f275accb5e41de6f2b3748bff06.dll
Size

84KB
MD5

ce1df3d5aee9553e98edccba466b0d00
SHA1

b47bffee03f6b09d6a25da7b2e9db612a8a779e8
SHA256

a60c5cc2e8c00dcc490cbfe2c6664357f6784f275accb5e41de6f2b3748bff06
SHA512

ca364293eefbd2d72e2747f3aff77f65fbbddcf39b654ba7ec674b03693677589331de361e6342bf6bacad8879072e5e18afc21a0cb9559c7a472cdac15e91be
SSDEEP

768:DO0hWUlu5jm50BbScDzDY+1Waal5hoYsqxHRVt3wmCq5+3nZHqQVu/3z:C0hWUlulBeMn1daTp97tA9r39Ru/j

Score

10^/10

Family

icedid

Campaign

2174379857

rakovinnae.website

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

IcedID First Stage Loader 2 IoCs

loader

resource	yara_rule
behavioral1/memory/1680-0-0x0000000000130000-0x0000000000137000-memory.dmp	IcedidFirstLoader
behavioral1/memory/1680-1-0x0000000000130000-0x0000000000137000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1680	regsvr32.exe
1680	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a60c5cc2e8c00dcc490cbfe2c6664357f6784f275accb5e41de6f2b3748bff06.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1680

memory/1680-0-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download
memory/1680-1-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download