icedid | ca4d0fd8ce33e46118d038cff388c23f1259e18adea7a1ef85388ef3e792398f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2024, 15:29

Target

4a4ac5728ae89009cd38a1401b3804e7.dll
Size

75KB
MD5

4a4ac5728ae89009cd38a1401b3804e7
SHA1

e0ce63ab94bb670a5fd487a20537f93c74b2129e
SHA256

1ef6a0fccc15b016dfd852087b6dc66185dfaee7a7693d719469c82486b4cdc3
SHA512

2cdb3188914aa53d394241c74bf1a2fd7558ecaf7f7884e697210270b505309be09f16ff75c3d9443a31c5187aebe211c3641dae0d83bd98ca8da25e356782ee
SSDEEP

768:KqE+MlI0GJ+4PWBzZMkkkksV83I8LtrqVLb/xXR+VYA8BjM20msXhwRnwP3LVx+I:nzMZCijuuK3Lqf4T/j6GAKg2gJFA

Score

10^/10

Family

icedid

Campaign

4213125251

188criolaserz.space

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

IcedID First Stage Loader 1 IoCs

loader

resource	yara_rule
behavioral2/memory/4240-1-0x00000000015F0000-0x00000000015F7000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4240	regsvr32.exe
4240	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4a4ac5728ae89009cd38a1401b3804e7.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4240

memory/4240-1-0x00000000015F0000-0x00000000015F7000-memory.dmp

Filesize
28KB

Download