icedid | affd2ac259db1b8d1b51438d1baac42f6efedf7250f39435baccfc81eb1485c5 | Triage

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:46

Sharing

Report Analysis Logs

General

Target

44271.612877662.dll
Size

43KB
MD5

386ee9c74df6b655db3a273c32373260
SHA1

1c8dc39f8c5b59be3f1b86339f7fd86f3a115c5a
SHA256

4f667f4267b2a1e90029ec3e66de84f0131e573087d4a0f50e4c9b5b9e0a8173
SHA512

cf550fec8a8790279a92995a797fb0472ac6d1b3a492122b56554a2f55d61c420750084513c9cf602ac30cfa66e65c7ce8f67ecc44ba2187def7a1548ca700e8
SSDEEP

768:pKr9m1jUXGVJAPF8QQG+dLSPqJyufzV+QC7SK0ZqxOWVXP:pKr96Ac2tl+dLSPKyoz0QuBnrB

Score

10^/10

icedid 2533051401 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2533051401

C2

630mordorebiter.website

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

IcedID First Stage Loader 2 IoCs

resource	yara_rule
behavioral1/memory/2180-0-0x00000000001D0000-0x00000000001D7000-memory.dmp	IcedidFirstLoader
behavioral1/memory/2180-1-0x00000000001D0000-0x00000000001D7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2180	regsvr32.exe
2180	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\44271.612877662.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2180-0-0x00000000001D0000-0x00000000001D7000-memory.dmp

Filesize
28KB

Download
memory/2180-1-0x00000000001D0000-0x00000000001D7000-memory.dmp

Filesize
28KB

Download