Overview

overview

10

Static

static

WIN7(20)

windows7_x64

10

Resubmissions

24-03-2021 15:17

210324-2nwt4re2bs 10

24-03-2021 14:07

210324-pa5wp9jb3n 10

Analysis

  • max time kernel
    1138s
  • max time network
    1141s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    24-03-2021 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68e8bab6308f27e174f3fcdfd8a82d2e.dll

  • Size

    65KB

  • MD5

    68e8bab6308f27e174f3fcdfd8a82d2e

  • SHA1

    964ba992b4b40636322b2eb4ad3824b8d23492c2

  • SHA256

    2b31af16d61c2abd5ba53848e174acc83f52078abf61277709eea4bff8a260e6

  • SHA512

    49f76bd06215af5b8ea0cbef6c9042577bdffcf6c673be74aad83f0e95237ef3b288e14449cb4fa2f4fa6eb49094bed9f5551c08418a8e3c8e0dbac05c42ff9e

Score
10/10
icedid3683573724Photoloaderbankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3683573724

C2

24savetonnofmaoney.xyz

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 1 IoCs
    loader
  • PhotoLoader Payload 1 IoCs

    IcedID downloder-Photloader.

    Photoloader
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\68e8bab6308f27e174f3fcdfd8a82d2e.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1088-2-0x000007FEFBDA1000-0x000007FEFBDA3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1088-3-0x00000000004C0000-0x00000000004C7000-memory.dmp
    Filesize

    28KB

    Download